OS Injection

Hi,

This post is regarding OS Injection.

Injection is only ever possible through a user input field. For OS injection, the first step is to determine the operating system (OS) on which the server is running.


Here the server is running on Windows, and the payload varies with the OS. For example, on Linux we use `ls` to list a directory and on Windows we use `dir`. The Extreme Vulnerable Node Application (XVNA) we are going to test against is hosted on Windows. Watch the video to see how it is executed.

The Extreme Vulnerable Node Application is available on GitHub at https://github.com/vegabird/xvna; you can download it and test it on your localhost.

Solution:

We need to sanitize or reject input containing the characters that make this vulnerability possible. They are as follows:

  • &&
  • |
