Week 3 Command Injection, Script Injection & Memory Injection Flashcards
What is a command injection?
Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell.
or
Command injection is a cyber attack that involves executing arbitrary commands on a host operating system (OS).
What is code injection?
This attack differs from Code Injection, in that code injection allows the attacker to add their own code that is then executed by the application. In Command Injection, the attacker extends the default functionality of the application, which execute system commands, without the necessity of injecting code.
What is SQL injection?
SQL injection (SQLi) is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. This can allow an attacker to view data that they are not normally able to retrieve.
What is script injection?
Script injection arises when an attacker is able to execute commands on a victim’s computer beyond those which are allowed by policy.
