The most common flaw in web applications is the injection flaw. An interactive web application takes input from the user, processes it, and returns the output to the client. When the application is vulnerable to an injection flaw, it accepts user input with improper or no validation and processes it, which results in actions that the application was never intended to perform. The malicious input tricks the application, forcing the underlying components to perform tasks that the application was not programmed for. In other words, an injection flaw allows the attacker to control components of the application.
In this chapter, we will discuss the major injection flaws and cover the following topics:

- Command injection flaw
  - Identifying injection points
  - Tools to exploit command injection flaw
- SQL injection flaw
  - Attack potential of the flaw
  - Different tools in Kali Linux to exploit SQLi
An injection flaw is used to gain access to the underlying...
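The opening paragraph describes the root cause of both flaws covered in this chapter: user input is spliced into something an underlying component (a shell, a database engine) then interprets. The following Python example is added here to illustrate that mechanism and its fix for the two chapter topics, command injection and SQL injection; it is not code from the original text or from any tool the chapter discusses. The hostnames, user rows and tampered inputs are constructed for the demonstration, and the command is echoed rather than executed so the block runs offline.

```python
import re
import sqlite3
import subprocess

# Constructed sample inputs (not from the page): a benign value and one that
# carries the kind of metacharacters the chapter calls "malicious input".
BENIGN_HOST = "example.com"
TAMPERED_HOST = "example.com; other"      # shell would read ';' as a separator
TAMPERED_NAME = "' OR '1'='1"            # the textbook SQL tautology

# Allow-list for a DNS hostname: letters, digits, dots and hyphens only.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")


def is_valid_hostname(value: str) -> bool:
    """Positive validation: accept only what a hostname may contain."""
    return HOSTNAME_RE.fullmatch(value) is not None


def build_ping_unsafe(host: str) -> str:
    """Vulnerable pattern: unvalidated input concatenated into a shell string.
    Handed to a shell, every metacharacter inside `host` is interpreted."""
    return "ping -c 1 " + host


def build_ping_safe(host: str) -> list:
    """Hardened pattern: validate first, then build an argv list so that no
    shell ever parses the value and it reaches the program as one argument."""
    if not is_valid_hostname(host):
        raise ValueError("rejected: input is not a hostname")
    return ["ping", "-c", "1", host]


def run_literal(argv) -> str:
    """Run an argv list without a shell; arguments arrive verbatim. `echo` is
    used in place of ping so the example runs without network access."""
    out = subprocess.run(["echo", *argv], capture_output=True, text=True, check=True)
    return out.stdout.rstrip("\n")


def demo_db() -> sqlite3.Connection:
    """In-memory table with constructed rows for the SQL half of the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable pattern: input spliced into the SQL text, so quotes in the
    value change the statement's meaning."""
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(query))


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Hardened pattern: parameterised query; the driver keeps the value
    outside the SQL grammar, so it can only ever match a literal name."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)


if __name__ == "__main__":
    print("unsafe shell string:", build_ping_unsafe(TAMPERED_HOST))
    print("argv form passes it literally:", run_literal([TAMPERED_HOST]))
    try:
        build_ping_safe(TAMPERED_HOST)
    except ValueError as err:
        print("validation:", err)
    db = demo_db()
    print("unsafe lookup:", lookup_unsafe(db, TAMPERED_NAME))
    print("safe lookup:  ", lookup_safe(db, TAMPERED_NAME))
```

Two controls appear side by side: positive validation (an allow-list regex that rejects the tampered hostname outright) and separation of data from code (argv lists instead of shell strings, bound parameters instead of string-built SQL). Either one alone closes the specific flaw shown; together they also cover inputs the regex author did not anticipate.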