Understanding Web Security Injections and Command Injection Risks
"Explore the risks associated with web security injections and command injections through examples and images. Learn about potential vulnerabilities and how they can be exploited, along with the implications of such attacks. Stay informed to protect against malicious activities targeting your system."
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
E N D
Presentation Transcript
Web Security Injection Connor Nelson Arizona State University
#Command... system("date") execve("/bin/sh", ["sh", "-c", "date"], {...}) execve("/usr/bin/date", ["date"], {...}) /usr/bin/date Thu Jan 1 00:00:00 UTC 1970
#Command... system("TZ=UTC date") execve("/bin/sh", ["sh", "-c", "TZ=UTC date"], {...}) execve("/usr/bin/date", ["date"], {"TZ": "UTC"}) /usr/bin/date Thu Jan 1 00:00:00 UTC 1970
#Command... system("TZ=MST date") execve("/bin/sh", ["sh", "-c", "TZ=MST date"], {...}) execve("/usr/bin/date", ["date"], {"TZ": "MST"}) /usr/bin/date Wed Dec 31 17:00:00 MST 1969
#Command... Injection system("TZ=`whoami` date") execve("/bin/sh", ["sh", "-c", "TZ=`whoami` date"], {...}) execve("/usr/bin/whoami", ["whoami"], {...}) /usr/bin/whoami root
#Command... Injection system("TZ=`whoami` date") execve("/bin/sh", ["sh", "-c", "TZ=`whoami` date"], {...}) execve("/usr/bin/whoami", ["whoami"], {...}) execve("/usr/bin/date", ["date"], {"TZ": "root"}) /usr/bin/date Thu Jan 1 00:00:00 root 1970
#Command... Injection system("TZ=; whoami # date") execve("/bin/sh", ["sh", "-c", "TZ=; whoami # date"], {...}) execve("/usr/bin/whoami", ["whoami"], {...}) /usr/bin/whoami root
#HTML.... html_response("<p>Hello, Connor!</p>") Hello, Connor!
#HTML.... Injection html_response("<p>Hello, <script>alert(1)</script>!</p>") Hello, ! This page says 1 OK
#SQL... execute("SELECT * FROM users WHERE username = 'connor' AND password = 'password123'") users result username password username password admin admin connor password123 connor password123 kanak hunter2
#SQL... Injection execute("SELECT * FROM users WHERE username = 'admin' AND password = '' OR 1=1 --'") users result username password username password admin admin admin admin connor password123 kanak hunter2