nerdexam
EC-Council

312-50V13 · Question #554

Code injection is a form of attack in which a malicious user:

The correct answer is A. Inserts text into a data field that gets interpreted as code. Code injection is an attack where a malicious user inserts textual input into a data field, which the vulnerable system then misinterprets and executes as code.

Submitted by katya_ua· Mar 6, 2026Hacking Web Applications

Question

Code injection is a form of attack in which a malicious user:

Options

  • AInserts text into a data field that gets interpreted as code
  • BGets the server to execute arbitrary code using a buffer overflow
  • CInserts additional code into the JavaScript running in the browser
  • DGains access to the codebase on the server and inserts new code

How the community answered

(32 responses)
  • A
    88% (28)
  • B
    6% (2)
  • C
    3% (1)
  • D
    3% (1)

Why each option

Code injection is an attack where a malicious user inserts textual input into a data field, which the vulnerable system then misinterprets and executes as code.

AInserts text into a data field that gets interpreted as codeCorrect

Code injection occurs when a malicious user inputs data into an application, and that data is processed and executed by the application as code, rather than being treated merely as data.

BGets the server to execute arbitrary code using a buffer overflow

Getting a server to execute arbitrary code using a buffer overflow is a specific exploitation technique, not the broad definition of code injection which focuses on input interpretation.

CInserts additional code into the JavaScript running in the browser

Inserting code into the JavaScript running in the browser is a specific type of client-side script injection (XSS), which is a subset of code injection, but not its overarching definition.

DGains access to the codebase on the server and inserts new code

Gaining access to the codebase on the server and inserting new code describes backdooring or unauthorized code modification, which requires prior access and is distinct from exploiting input fields for injection.

Concept tested: Code injection attack definition

Source: https://learn.microsoft.com/en-us/azure/security/fundamentals/owasp-top-10

Topics

#code injection#malicious user#web application attack#data field interpretation

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice