12 Injection vulnerabilities

In this chapter

  • How attackers inject code into web applications
  • How attackers inject commands into databases
  • How attackers inject operating system commands
  • How attackers inject the line-feed character maliciously
  • How attackers inject malicious regular expressions

Ransomware has been the scourge of the internet in recent years. Ransomware operators work on a franchise model: they lend their malicious software to affiliates, and then those affiliates—hackers themselves—scour the web for vulnerable servers (or buy the addresses of already compromised servers from the dark web) to which they can deploy ransomware. The victims wake up the next day to find that the contents of their servers have been encrypted and that they must pay a cryptocurrency fee to regain control of their systems. When the fee is paid, the bounty is split between the hacker group and the ransomware vendor, and the dark web economy prospers. (Everyone else suffers.)

To deploy ransomware, an attacker needs to find a way to run malicious code on someone else’s server. Tricking a victim’s server into running malicious code is a type of injection attack. The malicious code is injected into the remote server, and bad things result.

Remote code execution

Domain-specific languages

Server-side includes

SQL injection

Parameterized statements

Object-relational mapping

NoSQL injection

MongoDB

Couchbase

Cassandra

HBase

LDAP injection

Command injection

CRLF injection

Regex injection

Summary