Injection Vulnerabilities
An Introduction


Prof. David Bernstein
James Madison University

Computer Science Department
bernstdh@jmu.edu


Overview
SQL Injection
SQL Injection (cont.)
Nerd Humor - Exploits of a Mom
http://imgs.xkcd.com/comics/exploits_of_a_mom.png
(Courtesy of xkcd)
SQL Injection (cont.)
SQL Injection (cont.)
SQL Injection (cont.)
SQL Injection (cont.)
SQL Injection - Other Things to Pay Attention To
Injection into Other Interpreters
Command/Instruction Injection
JSON Injection
Multi-Level Injection
Cross-Site Scripting (XSS)