Over at Mokka mit Schlag Elliotte Rusty Harold (he teaches Java/XML at Poly) is asking whether SQL is the only language with injection attack vector? What about XML/ XPath, JSON, etc. Is there a comprehensive attack-tree for injection attacks? See if you can answer some of these questions.
This work, unless otherwise expressly stated, is licensed under a Creative Commons Attribution 3.0 United States License.
When one talks about a SQL injection, the only thing that makes it an ‘injection’ is that it’s in the SQL domain. When we inject code into some pre-rendered HTML it’s a cross site scripting attack. When we overflow a buffer of machine code, we’re overflowing the buffer. In reality, in all of these cases we are simply mixing the data with the control channel and assigning each variation a different name.
You can argue that the majority of security issues deal with this unclear separation of data and control, we just end up giving it a new buzzword every time we reference it. After all, saying a “SQL overflow” is too ambiguous, or a “HTML injection” is at the danger of just sounding lame
Your link to elharo.com seems down at the moment, but at least for the XML injection… iSEC Partners have been doing quality XML injection work for the past few years with lots of it showing up at Blackhat and Defcon. Just check https://www.isecpartners.com/speaking.html for “Breaking AJAX Web Applications: Vulns 2.0 in Web 2.0.”