
Diverse types of Injection Attacks:

While SQL injection (SQLi) and Cross-site Scripting (XSS) are the most commonly discussed injection attacks, they are far from the only ones. The following is a list of common injection attacks:

SQL Injection (SQLi)

Injects SQL commands that can read or modify data in a database. Advanced variations of this attack can be used to write arbitrary files to the server and even execute OS commands, which may lead to full system compromise.

POTENTIAL IMPACT: Authentication bypass, Information disclosure, Data loss, Data theft, Loss of data integrity, Denial of service, Full system compromise.

Code Injection (CI) Attacks

Injects application code which can execute operating system commands as the user running the web application. Advanced attacks can make use of privilege escalation vulnerabilities to gain even higher privileges if necessary, which may lead to full system compromise.


POTENTIAL IMPACT: Full system compromise

CRLF Injection

Injects an unexpected CRLF (Carriage Return and Line Feed) character sequence that splits an HTTP response header and allows arbitrary content to be written to the response body, including Cross-site Scripting (XSS).

POTENTIAL IMPACT: Cross-site Scripting (XSS)

Cross-site Scripting (XSS)

Injects arbitrary JavaScript into a legitimate website or web application which is then executed inside a victim’s browser.

POTENTIAL IMPACT: Account impersonation, Defacement, Run arbitrary JavaScript in the victim’s browser

Email (Mail command/SMTP) Injection

Injects IMAP/SMTP statements to an email server that is not directly available via a web application.

POTENTIAL IMPACT: Spam relay, Information disclosure

Host Header Injection

Abuses the implicit trust of the HTTP Host Header to poison password-reset functionality and poison web caches.

POTENTIAL IMPACT: Password-reset poisoning, Cache poisoning
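
The Host header trust problem described above, seen from the defender's side, as an added example that is not code from the original page: a reset link built from the request's Host header next to one built from configuration after an allowlist check. The host names, `ALLOWED_HOSTS`, `CANONICAL_ORIGIN` and the function names are assumptions, and the sample headers are constructed.

```python
from typing import Optional
from urllib.parse import urlencode

# Assumptions (constructed values): the hosts this deployment really serves.
ALLOWED_HOSTS = {"app.example.com", "www.example.com"}
CANONICAL_ORIGIN = "https://app.example.com"

# Constructed sample request headers.
GOOD = {"Host": "app.example.com:443"}
SPOOFED = {"Host": "untrusted.example.net"}


def reset_link_trusting_host(headers: dict, token: str) -> str:
    """Weak pattern: the link's origin is whatever the client sent as Host."""
    query = urlencode({"token": token})
    return f"https://{headers.get('Host', '')}/reset?{query}"


def normalize_host(raw: str) -> Optional[str]:
    """Return the allowlisted hostname (lowercase, no port), else None."""
    if not raw or any(c in raw for c in "\r\n\t /@\\"):
        return None  # control characters, userinfo or path tricks
    host = raw.lower()
    name, sep, port = host.rpartition(":")
    if sep:  # optional ":port" suffix must be numeric
        if not port.isdigit():
            return None
        host = name
    host = host.rstrip(".")  # tolerate a trailing root dot
    return host if host in ALLOWED_HOSTS else None


def reset_link_hardened(headers: dict, token: str) -> str:
    """Validate Host, but build the link from configuration only."""
    if normalize_host(headers.get("Host", "")) is None:
        raise ValueError("unrecognized Host header")  # answer with HTTP 400
    query = urlencode({"token": token})
    return f"{CANONICAL_ORIGIN}/reset?{query}"


if __name__ == "__main__":
    print(reset_link_trusting_host(SPOOFED, "t0k"))  # origin follows the header
    print(reset_link_hardened(GOOD, "t0k"))          # origin fixed by config
```

Rejecting unrecognized Host values before any response is generated also keeps them out of responses that a shared cache might store.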

Lightweight Directory Access Protocol (LDAP) Injection

Injects LDAP (Lightweight Directory Access Protocol) statements to execute arbitrary LDAP commands including granting permissions and modifying the contents of an LDAP tree.

POTENTIAL IMPACT: Authentication bypass, Privilege escalation, Information disclosure

OS Command Injection

Injects operating system commands as the user running the web application. Advanced variations of this attack can leverage privilege escalation vulnerabilities which may lead to full system compromise.

POTENTIAL IMPACT: Full system compromise

XPath Injection

Injects data into an application to execute crafted XPath queries, which can be used to access unauthorized data and bypass authentication.

POTENTIAL IMPACT: Information disclosure, Authentication bypass


About Author :


Sanjeev Singh
sanjeev.cyber4all.in
Sanjeev Singh is a Certified Cyber Security Specialist & Professional and the founder of the "CYBER4ALL Community".
His areas of interest are Red Teaming, Offensive Security, Digital Forensics, Malware Analysis, Security Assessments and Pentesting. He is an active blogger and publisher of cyber security articles on Cyber4All.
LinkedIn Profile: Singhsanjeev617