312-50V13 · Question #554
Code injection is a form of attack in which a malicious user:
The correct answer is A. Inserts text into a data field that gets interpreted as code. Code injection is an attack where a malicious user inserts textual input into a data field, which the vulnerable system then misinterprets and executes as code.
Question
Options
- AInserts text into a data field that gets interpreted as code
- BGets the server to execute arbitrary code using a buffer overflow
- CInserts additional code into the JavaScript running in the browser
- DGains access to the codebase on the server and inserts new code
How the community answered
(32 responses)- A88% (28)
- B6% (2)
- C3% (1)
- D3% (1)
Why each option
Code injection is an attack where a malicious user inserts textual input into a data field, which the vulnerable system then misinterprets and executes as code.
Code injection occurs when a malicious user inputs data into an application, and that data is processed and executed by the application as code, rather than being treated merely as data.
Getting a server to execute arbitrary code using a buffer overflow is a specific exploitation technique, not the broad definition of code injection which focuses on input interpretation.
Inserting code into the JavaScript running in the browser is a specific type of client-side script injection (XSS), which is a subset of code injection, but not its overarching definition.
Gaining access to the codebase on the server and inserting new code describes backdooring or unauthorized code modification, which requires prior access and is distinct from exploiting input fields for injection.
Concept tested: Code injection attack definition
Source: https://learn.microsoft.com/en-us/azure/security/fundamentals/owasp-top-10
Topics
Community Discussion
No community discussion yet for this question.