Page 88 - Hands-On Bug Hunting for Penetration Testers
5
SQL, Code Injection, and Scanners
Code injection is when unvalidated data is added (injected) into a vulnerable program and
executed. Injection can occur in SQL, NoSQL, LDAP, XPath, XML parsers, and even through
SMTP headers.
The XSS vulnerabilities discussed in the previous chapter are also examples of code
injection. When an unsanitized HTML tag with malicious code in its attribute is added to a
web application's database via a comment thread or discussion board submission, that code
is injected into the application and executed when other users view that same comment or
discussion.
For the purposes of this chapter, though, we're going to focus on detecting and preventing
code injection attacks related to databases: SQL and NoSQL. We'll cover how to use CLI
tools to test a form input for SQLi vulnerabilities, how to use similar techniques for
NoSQLi, scanning for both SQLi and other injection attacks, and best practices for
avoiding damage to your target's database.
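To make the detection and prevention side concrete before the tooling, here is an added example (not from the book) contrasting a lookup built by string concatenation with the same lookup as a parameterized query. It uses Python's built-in sqlite3 module and a constructed in-memory users table; a single apostrophe in ordinary data is enough to show whether input reaches the SQL parser as code.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory users table (sample data, not from the book)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (username, email) VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("o'brien", "ob@example.com")])
    return conn

def lookup_vulnerable(conn, username):
    """Vulnerable: the input is spliced into the SQL text and parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]

def lookup_safe(conn, username):
    """Hardened: the driver binds the input as a value, never as SQL."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]

def demo():
    """Run the same inputs through both versions and collect the outcomes."""
    conn = make_db()
    results = {}
    # Ordinary input: both versions agree, so the bug is invisible here.
    results["normal"] = (lookup_vulnerable(conn, "alice"), lookup_safe(conn, "alice"))
    # Legitimate data containing an apostrophe breaks the concatenated query.
    # A database error on such input is the first signal, when testing a form,
    # that user input is reaching the SQL parser.
    try:
        lookup_vulnerable(conn, "o'brien")
        results["quote_vulnerable"] = "no error"
    except sqlite3.OperationalError:
        results["quote_vulnerable"] = "syntax error"
    results["quote_safe"] = lookup_safe(conn, "o'brien")
    # A tautology rewrites the WHERE clause in the vulnerable version and
    # returns every row; the parameterized version matches no username.
    tautology = "x' OR '1'='1"
    results["tautology_vulnerable"] = lookup_vulnerable(conn, tautology)
    results["tautology_safe"] = lookup_safe(conn, tautology)
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```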
In this chapter, we will cover the following topics:
SQLi and other code injection attacks
Testing for SQLi with sqlmap
Trawling for bugs
Scanning for SQLi with Arachni
NoSQL injection
An end-to-end example of SQLi