Injection

Operating System (OS) command injection


Some web applications make calls into the operating system so that they can interact with the OS itself or with the underlying hardware. OS calls serve functions like:

  • Process control: monitoring what an application is doing and providing for termination
  • File management: giving the application access to interact with files
  • Device management: requesting or managing hardware like processing power
  • Information maintenance: managing or maintaining information as part of keeping data updated
  • Inter-process communication: coordinating processes for effective operation

Insecure OS command calls allow users to supply unvalidated input. In other words, a malicious actor can take the OS command call, append additional command syntax to it, and gain valuable information about how to exploit the application.

Lightweight Directory Access Protocol (LDAP) injection


LDAP is a protocol that lets applications talk to directory service servers, which store user IDs, passwords, and computer accounts. When an application accepts user input and builds LDAP queries from it without validation, attackers can exploit the LDAP server by sending malicious requests.

Some examples of LDAP coding issues include:

  • Excessive privileges assigned to LDAP accounts
  • Lack of output regulation
  • Inability to perform dynamic checks
  • Lack of static source code analysis
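As an added example (not code from the original article), the two unsafe patterns described above beside their hardened forms in Python: a shell command built from a hostname field, and an LDAP search filter built from a username field. The sample inputs, function names and the `ping`/`uid` fields are constructed for illustration.

```python
import re
import subprocess
from typing import List

# Constructed sample inputs (not from the article) that carry extra syntax
# the developer never intended the field to hold.
HOST_INPUT = "example.com; id"          # shell metacharacter in a hostname field
USER_INPUT = "admin)(objectClass=*"     # filter metacharacters in a username field

# --- OS command call: before and after --------------------------------------

def ping_command_vulnerable(host: str) -> str:
    """Concatenates the input into one shell string. Run with shell=True,
    everything after ';' is parsed by the shell as a second command."""
    return f"ping -c 1 {host}"

HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")   # allow-list for the field

def ping_command_safe(host: str) -> List[str]:
    """Validates against the allow-list, then returns an argv list so that
    no shell ever parses the value; ';' and spaces are simply rejected."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"rejected host value: {host!r}")
    return ["ping", "-c", "1", host]

def run_ping(host: str) -> int:
    """Executes the hardened form without a shell and returns the exit status."""
    return subprocess.run(ping_command_safe(host), check=False).returncode

# --- LDAP search filter: before and after -----------------------------------

_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_ldap_filter_value(value: str) -> str:
    """Escapes the characters RFC 4515 reserves inside a filter value."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)

def login_filter_vulnerable(user: str) -> str:
    """Raw concatenation: the input can close the uid clause and add its own."""
    return f"(&(uid={user})(objectClass=person))"

def login_filter_safe(user: str) -> str:
    """Same filter with the value escaped, so the input stays a literal uid."""
    return f"(&(uid={escape_ldap_filter_value(user)})(objectClass=person))"

def count_clauses(ldap_filter: str) -> int:
    """Counts the '(' the server would parse; escaped ones no longer count."""
    return ldap_filter.count("(")

if __name__ == "__main__":
    print(ping_command_vulnerable(HOST_INPUT))
    print(login_filter_vulnerable(USER_INPUT), count_clauses(login_filter_vulnerable(USER_INPUT)))
    print(login_filter_safe(USER_INPUT), count_clauses(login_filter_safe(USER_INPUT)))
```

The clause count is the quick check to add to a code review or unit test: the hardened filter always parses to exactly the number of clauses the developer wrote.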