10 Most Dangerous Injection Attacks in 2023
2023-08-14 · via Stories Archive - Cyber Security News

What is an injection attack?

An injection attack exploits a security vulnerability that allows an attacker to insert malicious code or commands into a system or application.

1. Code injection
2. SQL injection
3. Command injection
4. Cross-site scripting
5. XPath injection
6. Mail command injection
7. CRLF injection
8. Host header injection
9. LDAP injection
10. XXE Injection

10 Most Dangerous Injection Attacks 2023

1. Code injection

If the attacker knows the programming language, database, operating system, web application, and so on, it becomes easy to inject code through a text input and force it onto the web server.

2. SQL injection

This is a similar type of injection in which attackers target SQL scripts. SQL is the language used for query operations, and here it is entered through a text input field. The script goes to the application, which executes it directly against the database.

3. Command injection

This type of attack is to be expected if input is not sufficiently validated. Here the attackers insert a system command instead of programming code or a script.

4. Cross-site scripting

Whenever input is inserted into generated output without encoding or validation, an attacker has a chance to send malicious code to a different end user.

5. XPath injection

This type of injection mainly arises when an application works with XPath queries over XML data. The attack works exactly like SQL injection: attackers send malformed information and use it to attack your access data.

6. Mail command Injection

In this attack, IMAP or SMTP statements are included in an application that improperly validates user input. These two protocols do not have strong protection against attack, and most web servers can be exploitable.

7. CRLF injection

This attack usually relies on a vulnerable web application that does not correctly filter user input. The vulnerability opens up a web application that does not perform proper filtering.

8. Host Header Injection

When a server hosts many websites or applications, it becomes necessary to determine which resident website or web application a request is for. Each one has a virtual host that processes incoming requests, and the server dispatches each request to its virtual host.

9. LDAP injection

This is one of the best-designed protocols, and it facilitates working with other networks. It is very useful on an intranet, where it can back a single sign-on system in which user names and passwords are stored.

10. XXE Injection

This type of injection exploits a vulnerability in the processing of XML external entities (XXE). It abuses DTD support in XML parsers with weak security.