Injection flaws are a class of security vulnerability. SQL injection, Command injection and LDAP injection are some of the injection flaws.

ethical-hacking

<section class="mt-30 content-a opencampus_courses_content"> 
 <h1 class="module_content-title " style="font-size:24px;"><span class="fa fa-edit"></span> Injection Flaws</h1> 
 <p></p>
 <h3>SQL Injection:</h3> 
 <p>User login screens, URLs, search boxes are the point of interest to an attacker since they are dynamic inputs, based on which web application requests are constructed. If an attacker is successful in making the browser construct a malicious query and get it executed by the back-end database, it is called SQL injection. An attacker may modify, delete or even do a DOS attack on the database.</p> 
 <p style="text-align: center;"><img alt="SQL injection attack" class="img-fluid" src="https://f.hubspotusercontent30.net/hubfs/20029733/Imported_Blog_Media/content_sql_injection.png" style="width: 460px; height: 287px"></p> 
 <p style="text-align: center;">Source: <a href="http://computersecuritypgp.blogspot.com/2016/01/what-is-sql-injection-attack.html" rel="nofollow" target="_blank">http://computersecuritypgp.blogspot.com/2016/01/what-is-sql-injection-attack.html</a></p> 
 <h3>Command Injection:</h3> 
 <p>If a user is able to inject operating system commands on any user input field, it may lead to attacker injecting malicious commands to get sensitive information from the web server.</p> 
 <h3>LDAP injection:</h3> 
 <p>Lightweight Directory Access Protocol is an active directory on IP, where the information is arranged in a hierarchical manner based on user attributes. LDAP injection works the same as SQL injection where the attacker tries to enter arbitrary data to craft malicious queries to be executed by the LDAP server.</p> 
 <p style="text-align: center;"><img alt="LDAP injection attack" class="img-fluid" src="https://f.hubspotusercontent30.net/hubfs/20029733/Imported_Blog_Media/content_ldap_injection_attack.png" style="width: 497px; height: 339px"></p> 
 <p style="text-align: center;">Source: <a href="http://computersecuritypgp.blogspot.com/2016/01/what-is-ldap-injection-attack.html" rel="nofollow" target="_blank">http://computersecuritypgp.blogspot.com/2016/01/what-is-ldap-injection-attack.html</a></p> 
 <p></p> 
</section>
 
<div class="course_link"></div>

Premium Resources

Free Resources

Injection Flaws | Ethical Hacking

Injection Flaws

SQL Injection:

Command Injection:

LDAP injection:

Company

Resources

Bootcamps