Command Injection

8/15

Defeating XSS

Database Escape Characters

• Like XSS, but nasty stuff is intended for your server or database

• Different set of code/data delimiters:

• Database escapes and wildcard characters
• Shell escapes, wildcards, and metacharacters