Chapter 4

Web Application Exploitation with Injection

Chapter Rundown:

■ SQL injection: the old dog still has plenty of bite

■ Popular SQL injection attacks: the how and why of SQLi

■ Controlling the web server’s operating system with O/S command injection

■ Web shells: hacking from the comfort of your browser

Introduction

A hacker can exploit code injection vulnerabilities by submitting well-crafted malicious input that causes the web application to perform unauthorized actions, such as exposing sensitive authentication data (usernames and passwords) or executing system commands (adding rogue administrator accounts). Code injection attacks are the most damaging exploits that web applications face today because they impact a large number of users ...

Get The Basics of Web Hacking now with the O’Reilly learning platform.