Command Injection
  • Like XSS, but nasty stuff is intended for your server or database
  • Different set of code/data delimiters:
      • Database escapes and wildcard characters
      • Shell escapes, wildcards, and metacharacters
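
An added example, not part of the original slides: keeping both sets of delimiters on the data side, using Python's standard library. The function names, the `files` table and the sample input are hypothetical and constructed for illustration.

```python
import shlex
import sqlite3
import subprocess
import sys

# Constructed sample input carrying both shell and SQL delimiters.
HOSTILE = "report_%'; echo INJECTED #"


def run_as_argument(value):
    """Pass value as one argv element; no shell parses it, so it stays data."""
    proc = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", value],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout.rstrip("\n")


def shell_roundtrip(value):
    """If a shell is unavoidable, shlex.quote turns value into one POSIX word."""
    return shlex.split(shlex.quote(value))


def escape_like(value, esc="\\"):
    """Escape the LIKE wildcards % and _ (and the escape character itself)."""
    for ch in (esc, "%", "_"):
        value = value.replace(ch, esc + ch)
    return value


def sample_db():
    """Constructed table: only the first name starts with a literal 'report_%'."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE files (name TEXT)")
    names = ["report_%final", "reportX1final", "report_2024"]
    conn.executemany("INSERT INTO files VALUES (?)", [(n,) for n in names])
    return conn


def find_prefix(conn, prefix, escape=True):
    """Bound parameter keeps quotes as data; ESCAPE keeps wildcards literal."""
    pattern = (escape_like(prefix) if escape else prefix) + "%"
    rows = conn.execute(
        "SELECT name FROM files WHERE name LIKE ? ESCAPE '\\' ORDER BY name",
        (pattern,),
    )
    return [r[0] for r in rows]
```

Calling `find_prefix(sample_db(), "report_%", escape=False)` returns all three rows: the bound parameter stops the quote from ending the SQL string, but `%` and `_` are still interpreted as wildcards unless they are escaped separately.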