Code Injection
Severity: high
ID: injection-attack
Attacker injects malicious code that gets executed by the application
STRIDE categories: Tampering, Elevation of Privilege
MITRE ATT&CK techniques
| ID | Name | Tactic |
|---|---|---|
| T1059 | Command and Scripting Interpreter | Execution |
| T1190 | Exploit Public-Facing Application | Initial Access |
Common Weakness Enumeration
Mitigating controls
- ctrl-inject-1: Validate and sanitize all user inputs
- ctrl-inject-2: Use parameterized queries and prepared statements
- ctrl-inject-3: Implement a Content Security Policy (CSP)
- ctrl-inject-4: Apply context-appropriate output encoding (HTML, attribute, JavaScript, URL)
- ctrl-inject-5: Deploy a Web Application Firewall (WAF)