Code Injection

Revision as of 02:41, 24 July 2006 by Thandermax

This is an Attack. To view all attacks, please see the Attack Category page.

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.


This article should cover attacks based on injecting code into a running application.


If server-side includes (SSI) are enabled on a page that displays user-supplied data (such as a guestbook, where users can insert data), then an SSI attack is possible.

For example:

<!--#exec cmd="ls" -->

will show all the files in the current directory if the server is on a UNIX/Linux machine.

On a Windows platform: <!--#exec cmd="dir" -->

This can also be used for destructive purposes, as the commands are executed with root/admin privilege.

For example: <!--#exec cmd="format c:" -->
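A defensive check for the guestbook case above, as an added example that is not part of the original article: it flags SSI directives in submitted text and HTML-encodes the entry before it is written to a server-parsed page. The function names and the sample entries are constructed for illustration.

```python
import html
import re

# An SSI directive looks like <!--#exec cmd="ls" -->. Stray whitespace is
# tolerated so that mangled or lightly obfuscated copies are still flagged.
SSI_DIRECTIVE = re.compile(
    r"<\s*!\s*--\s*#\s*([a-z]+)\b(.*?)--\s*>",
    re.IGNORECASE | re.DOTALL,
)


def find_ssi_directives(text):
    """Return the names (exec, include, ...) of SSI directives in text."""
    return [m.group(1).lower() for m in SSI_DIRECTIVE.finditer(text)]


def encode_entry(text):
    """HTML-encode an entry so no literal '<!--#' reaches the SSI parser."""
    return html.escape(text, quote=True)


def review_entry(text):
    """Flag an entry for logging/review and return its encoded form."""
    found = find_ssi_directives(text)
    return {"flag": bool(found), "directives": found, "safe_html": encode_entry(text)}


# Constructed sample guestbook submissions (not real traffic).
SAMPLES = [
    "Great site, thanks!",
    'Hello <!--#exec cmd="ls" -->',
    '< !--#exec cmd="dir"-- >',
    "<!-- an ordinary HTML comment -->",
]

if __name__ == "__main__":
    for entry in SAMPLES:
        result = review_entry(entry)
        print(result["flag"], result["directives"], result["safe_html"])
```

Encoding on output is what neutralizes the directive; the pattern match is only there to log and review suspicious submissions.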

Related Threats

Related Attacks

Related Vulnerabilities

Related Countermeasures