Slashdot Mirror

← Back to Stories (view on slashdot.org)

Malicious Injection — It's Not Just For SQL Anymore

Posted by ryuzaki0 on from the injections-that-aren't-fun dept.

nywanna writes "When most people think of malicious injection, they think of SQL injection. The fact is, if you are using XML documents or an LDAP directory, you are just as vulnerable to a malicious injection as you would be using SQL. Bryan Sullivan looks at the different types of malicious code injections and examines the very basics of preventing these injections."

4 of 119 comments (clear)

  1. Re:pr0n by spellraiser · · Score: 5, Funny

    Yeah. Malicious Injection was a pretty good flick. I can't wait for Malicious Injection: The SQL.

    --
    I hear there's rumors on the Slashdots
  2. My rock-solid solution to the injection problem... by Anonymous Coward · · Score: 5, Funny

    ...is to replace database storage, xml, and ldap with comma-delimited text files on anonymous ftp. In fact, my last job fired me for gross incompetence because the other programmers were jealous of the simplicity of my solution.

  3. XML Logic Is Flawed by CowboyBob500 · · Score: 5, Informative

    In his XML example with XPath injection he states that running a certain query can return the entire order history of all customers. That may be true, but if the application is returning an XML document containing the entire order history of all customers for each customer request before running an XPath query, then I think the application has more problems than being vulnerable to XPath injection.

    Bob

    --
    Listen to my latest album here
  4. Email header injection attack by DeadSea · · Score: 5, Interesting
    Another example of an injection attack allow an attacker to send spam through a contact form that doesn't normally allow the recipient to be specified by the user.

    A webmaster hosts a contact form on his website that allows users to fill out a form to contact him. He allows the user to specify a subject and a message but the recipient is hard coded to webmaster@example.com.

    The message ends up looking like this:

    To: webmaster@example.com
    From: thewebserver@example.com
    Subject: $subject

    $message
    Where $subject and $message are captured from the user on the website.

    If the $subject is not properly sanitized, a bot could submit it with a new line in it and be able to start a new line in the headers of the email. That new line could be, for example, a large CC list of people to spam with his message:

    Buy my weight loss pills!
    CC: spammee1@example.com, spammee2@example.com

    Which is why I would suggest using a contact form such as the one that I have written that has already thought about this sort of thing.