petdance / bobby-tables

bobby-tables.com, the site for preventing SQL injections
http://bobby-tables.com/

New page: Other types of injections #71

Open petdance opened 7 years ago

petdance commented 7 years ago

https://www.contextis.com/resources/blog/comma-separated-vulnerabilities/

shawnoden commented 6 years ago

"Scope Injection": https://www.petefreitag.com/item/834.cfm. This was written by Pete Freitag for ColdFusion, but the method may apply to other languages. It is essentially privilege escalation accomplished through an injection route.

zspitz commented 4 years ago

Apropos, from the MS Access page:

Note that any function which expects some form of structured text (e.g. JSON, XML, command line execution) may be similarly vulnerable when being passed a string concatenated from user input:

' VBA code: wraps the form field in double quotes (Chr(34)) and hands the
' whole string to the shell; a quote inside the field value ends the
' argument early, so the quoting is not escaping
Shell Chr(34) & Forms!RunCommand!CommandLine & Chr(34)
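The point quoted above, as an added example (not code from bobby-tables.com or from anyone in this thread): the same "wrap it in quotes and concatenate" mistake shown for a command line and for JSON, each next to the form that lets the language's own escaping or argument handling do the work. The `viewer` command, the field values and the function names are assumptions made up for the demonstration; the shell tokenization is POSIX (`shlex`), so Windows `cmd.exe` quoting details differ, but the break-out through an embedded quote is the same idea.

```python
import json
import shlex

# Constructed sample inputs: what a user might type into a form field.
# A double quote in the value ends the quoted argument early and lets the
# rest of the value be read as shell syntax or as JSON structure.
MALICIOUS_COMMAND_INPUT = 'report.txt" && echo injected && echo "'
MALICIOUS_JSON_INPUT = 'alice", "admin": true, "x": "'


def command_line_by_concatenation(user_value: str) -> str:
    """Mirror of the VBA pattern in the MS Access quote: wrap the value in
    double quotes and hand the whole string to a shell. Quoting is not
    escaping, so an embedded quote breaks out of the argument."""
    return 'viewer "' + user_value + '"'


def shell_words(command_line: str) -> list:
    """How a POSIX shell would split the concatenated string into words.
    shlex.split follows sh quoting rules; '&&' shows up as a separate word,
    which is exactly the break-out the attacker wants."""
    return shlex.split(command_line)


def command_line_as_argv(user_value: str) -> list:
    """Safe form: build an argument vector instead of a string. Nothing
    interprets the value as shell syntax, so quotes and metacharacters stay
    inside one argument. Execute it with subprocess.run(argv), never with
    shell=True."""
    return ["viewer", user_value]


def json_by_concatenation(user_value: str) -> dict:
    """Same mistake for JSON: the user controls the document's structure and
    can add keys the application never meant to accept."""
    return json.loads('{"name": "' + user_value + '"}')


def json_by_serializer(user_value: str) -> dict:
    """Safe form: let the serializer escape the value, then parse the result
    to show that the injected text stayed inside the "name" string."""
    return json.loads(json.dumps({"name": user_value}))


if __name__ == "__main__":
    print("concatenated command:", command_line_by_concatenation(MALICIOUS_COMMAND_INPUT))
    print("as the shell sees it: ", shell_words(command_line_by_concatenation(MALICIOUS_COMMAND_INPUT)))
    print("as an argv:           ", command_line_as_argv(MALICIOUS_COMMAND_INPUT))
    print("concatenated JSON:    ", json_by_concatenation(MALICIOUS_JSON_INPUT))
    print("serialized JSON:      ", json_by_serializer(MALICIOUS_JSON_INPUT))
```

The check to carry over to other formats is the same: if the code that builds the string is also the code that decides where the structure boundaries are, user input must go through the format's own escaping or, better, never be part of the structure at all (an argv list, a serializer, a parameterized query).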