Editing Code injection (section)
==Benign and unintentional use==
Code injection may be done with good intentions. For example, changing or tweaking the behavior of a program or system through code injection can cause the system to behave in a certain way without malicious intent.<ref>{{Cite web|last=Srinivasan|first=Raghunathan|title=Towards More Effective Virus Detectors|url=http://www.public.asu.edu/~rsriniv8/Documents/srini-das.pdf|work=Arizona State University|access-date=18 September 2010|quote=Benevolent use of code injection occurs when a user changes the behaviour of a program to meet system requirements.|archive-url=https://web.archive.org/web/20100729023112/http://www.public.asu.edu/~rsriniv8/Documents/srini-das.pdf|archive-date=29 July 2010}}</ref><ref>{{cite book | last1=Morales | first1=Jose Andre | last2=Kartaltepe | first2=Erhan | last3=Xu | first3=Shouhuai | last4=Sandhu | first4=Ravi | title=Computer Network Security | series=Lecture Notes in Computer Science | volume=6258 | pages=229–241 | chapter=Symptoms-Based Detection of Bot Processes | publisher=Springer | location=Berlin, Heidelberg | year=2010 | isbn=978-3-642-14705-0 | issn=0302-9743 | doi=10.1007/978-3-642-14706-7_18| citeseerx=10.1.1.185.2152 }}</ref> Code injection could, for example:
* Introduce a useful new column that did not appear in the original design of a search results page.
* Offer a new way to filter, order, or group data by using a field not exposed in the default functions of the original design.
* Add functionality like connecting to online resources in an offline program.
* Override a function, making calls redirect to another implementation. This can be done with the [[Dynamic linker]] in [[Linux]].<ref>{{Cite web|url=https://rafalcieslak.wordpress.com/2013/04/02/dynamic-linker-tricks-using-ld_preload-to-cheat-inject-features-and-investigate-programs/|title=Dynamic linker tricks: Using LD_PRELOAD to cheat, inject features and investigate programs|date=2013-04-02|website=Rafał Cieślak's blog|access-date=2016-12-10|archive-date=25 December 2021|archive-url=https://web.archive.org/web/20211225191742/https://rafalcieslak.wordpress.com/2013/04/02/dynamic-linker-tricks-using-ld_preload-to-cheat-inject-features-and-investigate-programs/|url-status=live}}</ref>

Some users may unsuspectingly perform code injection because the input they provided to a program was not considered by those who originally developed the system. For example:
* What the user may consider as valid input may contain token characters or strings that have been [[reserved word|reserved]] by the developer to have special meaning (such as the [[ampersand]] or quotation marks).
* The user may submit a malformed file as input that is handled properly in one application but is toxic to the receiving system.

Another benign use of code injection is the discovery of injection flaws to find and fix vulnerabilities. This is known as a [[penetration test]].
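
The reserved-character case described above, as an added example that is not part of the article: ordinary input containing a quotation mark or an ampersand changes the structure of a concatenated SQL statement or URL query, while parameter binding and percent-encoding keep it as data. The sample values, the table name and all function names are constructed for illustration.

```python
import sqlite3
from urllib.parse import parse_qs, urlencode

# Constructed sample inputs: values a user would consider perfectly valid.
NAME = "O'Brien"   # the apostrophe is the SQL string delimiter
COMPANY = "AT&T"   # the ampersand separates URL query parameters


def make_db():
    """In-memory database holding one constructed row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (name TEXT)")
    db.execute("INSERT INTO people VALUES (?)", (NAME,))
    return db


def lookup_concatenated(db, name):
    """Fragile: the input is spliced into the SQL text itself."""
    sql = "SELECT name FROM people WHERE name = '" + name + "'"
    try:
        return db.execute(sql).fetchall()
    except sqlite3.OperationalError as exc:
        # The apostrophe ended the string literal early; the rest is parsed as SQL.
        return "error: " + str(exc)


def lookup_bound(db, name):
    """Robust: the input travels as a bound parameter, never as SQL text."""
    return db.execute("SELECT name FROM people WHERE name = ?", (name,)).fetchall()


def query_concatenated(company):
    """Fragile: '&' inside the value is read as a parameter separator."""
    return parse_qs("company=" + company + "&page=1", keep_blank_values=True)


def query_encoded(company):
    """Robust: urlencode percent-encodes reserved characters in the value."""
    return parse_qs(urlencode({"company": company, "page": 1}))


if __name__ == "__main__":
    db = make_db()
    print(lookup_concatenated(db, NAME))
    print(lookup_bound(db, NAME))
    print(query_concatenated(COMPANY))
    print(query_encoded(COMPANY))
```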