Summary  
This chapter covers injection attacks, where unvalidated input is embedded into code or commands, causing unintended execution such as unauthorized database queries, system commands, or client-side scripts.  

General domain of usage  
Web applications

Injection attacks are a common and dangerous type of security vulnerability in web applications and APIs. They occur when an attacker sends malicious data as part of an input, tricking the application into executing unintended commands or accessing unauthorized data. 

These attacks matter because they can lead to serious consequences, including:

- Unauthorized access to sensitive information;
- Data corruption or loss;
- Full system compromise by executing arbitrary commands.

Understanding injection attacks is essential for anyone working in cybersecurity. Recognizing how these attacks work helps you identify, prevent, and mitigate them, keeping your applications and data secure from potential threats.

## Common Types of Injection Vulnerabilities

Injection vulnerabilities let attackers send malicious data to an application, tricking it into performing unintended actions. Here are some of the most common types you need to recognize:

### SQL Injection

**SQL Injection** happens when user input is sent directly into a SQL query without proper validation or sanitization. Attackers can use this to access, modify, or delete data in your database.

**Example:**

Suppose a login form uses this code:

```sql
SELECT * FROM users WHERE username = '" + username + "' AND password = '" + password + "';
```

If you enter `admin' --` as the username and anything as the password, the query becomes:

```sql
SELECT * FROM users WHERE username = 'admin' --' AND password = '';
```

The `--` turns the rest of the line into a comment, so the password check is skipped. You are logged in as `admin` without knowing the password.

### Command Injection

**Command Injection** allows attackers to run system commands on the server by injecting malicious input into functions that build shell commands.

**Example:**

A web form lets users check if a server is online by entering an IP address. The server runs this code:

```bash
ping " + ip_address + "
```

If you enter `8.8.8.8; cat /etc/passwd`, the server runs:

```bash
ping 8.8.8.8; cat /etc/passwd
```

This command not only pings the address but also shows sensitive user information from the `/etc/passwd` file.

### Cross-Site Scripting (XSS)

**Cross-Site Scripting (XSS)** lets attackers inject malicious scripts into web pages viewed by other users. These scripts can steal cookies, hijack sessions, or manipulate web content.

**Example:**

A comments section displays user input without filtering. If you post this comment:

```html
<script>alert('Hacked!');</script>
```

Everyone who views the page will see a popup with the message `Hacked!`. Attackers can use similar scripts for more harmful actions, such as stealing session tokens.


Understanding these vulnerabilities helps you recognize risky patterns and protect your applications from common attacks.

Which statement best describes an injection attack?

A hands-on course guiding learners through the essentials of web application and API penetration testing, from foundational concepts to exploitation techniques and professional reporting. Includes real-world scenarios, practical tasks, and review questions to reinforce learning.

Covers the foundational knowledge required for web application and API penetration testing, including methodologies, ethics, and reconnaissance.

Focuses on identifying and exploiting common vulnerabilities in web applications and APIs through practical, hands-on tasks.

Covers the process of documenting findings, creating professional reports, and recommending remediation steps.

Injection Attacks

Common Types of Injection Vulnerabilities

SQL Injection

Command Injection

Cross-Site Scripting (XSS)