Injection
user controls string which is passed to command line
might be escaped, but correctly?
&&, &, |, ||, ;
recursive?
base64 encoded?
CSRF
Attacker defines request, which is sent with authentication cookie of the victim:
define link in email (only GET)
create website with malicious JS code (POST, DELETE, ..) and send link to this website to victim
Mitigation:
SOP
CSRF token
SameSite cookie
File Inclusion
server loads/displays file, which is specified by user
e.g.: use GET parameter to specifiy path of file
white-listing files
white-listing directory where auto generated files are stored
Last changed2 years ago