
A malicious parameter could modify the actions taken by a system call that normally retrieves the current user’s file to access another user’s file (e.g., by including path traversal “../” characters as part of a filename request). The susceptibility of an external call to command injection depends on how the call is made and the specific component that is being called, but almost all external calls can be attacked if the web application is not properly coded. In any case, the use of external calls is quite widespread, so the likelihood of an application having an injection flaw should be considered high.

Environments Affected

Every web application environment allows the execution of external commands such as system calls, shell commands, and SQL requests.
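The file-retrieval case described above (a filename parameter carrying traversal characters) can be closed by resolving the path before use and checking that it stays inside the user's directory. The following is an added example, not code from the original page; the function names, the directory layout and the sample users are assumptions made for illustration.

```python
import os
import tempfile

class TraversalError(ValueError):
    """Raised when a requested name resolves outside the user's directory."""

def vulnerable_path(base_dir, user, filename):
    # Naive join: "../" in filename walks out of the user's directory.
    return os.path.normpath(os.path.join(base_dir, user, filename))

def safe_path(base_dir, user, filename):
    # Assumption: `user` comes from the authenticated session, not the request.
    # Resolve ".." and symlinks first, then verify containment.
    user_root = os.path.realpath(os.path.join(base_dir, user))
    candidate = os.path.realpath(os.path.join(user_root, filename))
    if os.path.commonpath([user_root, candidate]) != user_root:
        raise TraversalError(f"{filename!r} resolves outside {user_root}")
    return candidate

def read_user_file(base_dir, user, filename):
    with open(safe_path(base_dir, user, filename), encoding="utf-8") as fh:
        return fh.read()

def demo():
    # Constructed sample layout: two users with one file each.
    with tempfile.TemporaryDirectory() as base:
        for user, text in (("alice", "alice notes"), ("bob", "bob secrets")):
            os.makedirs(os.path.join(base, user))
            path = os.path.join(base, user, "notes.txt")
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
        bob_file = os.path.join(base, "bob", "notes.txt")
        results = {"normal": read_user_file(base, "alice", "notes.txt")}
        # The naive join lands on bob's file when alice's request has "../".
        naive = vulnerable_path(base, "alice", "../bob/notes.txt")
        results["naive_escapes"] = naive == os.path.normpath(bob_file)
        # Both a relative escape and an absolute path must be refused.
        cases = {"relative": "../bob/notes.txt", "absolute": bob_file}
        for label, name in cases.items():
            try:
                read_user_file(base, "alice", name)
                results[label] = "read"
            except TraversalError:
                results[label] = "blocked"
        return results

if __name__ == "__main__":
    print(demo())
```

The absolute-path case matters because `os.path.join` discards the preceding components when a later argument is absolute, so filtering “../” alone does not confine the request.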

The consequences of a successful injection attack can also run the entire range of severity, from trivial to complete system compromise or destruction. The consequences are particularly damaging, as an attacker can obtain, corrupt, or destroy database contents. Injection vulnerabilities can be very easy to discover and exploit, but they can also be extremely obscure.
