Questions tagged [code-injection]

Code injection is the general term for the result of a missing neutralization or improper neutralization of special elements of externally-influenced input, which could modify the syntax or behavior of the intended code.

Code injection is a type of consequence due to Improper Control of Generation of Code (CWE-94), which causes unauthorized code to be executed.

2439 questions
144 votes, 12 answers

What is Dependency Injection and Inversion of Control in Spring Framework?

"Dependency Injection" and "Inversion of Control" are often mentioned as the primary advantages of using the Spring framework for developing Web frameworks. Could anyone explain what it is in very simple terms with an example if possible?
Chillax
111 votes, 5 answers

Spring: How to inject a value to static field?

With this class @Component public class Sample { @Value("${my.name}") public static String name; } If I try Sample.name, it is always 'null'. So I tried this. public class Sample { public static String name; @PostConstruct …
Whiteship
100 votes, 7 answers

How does this site infecting script work?

My Joomla! website has been repeatedly hacked into. Someone, somehow, managed to inject the following rubbish into the key php scripts, but I mean not to talk about configuring Joomla. The site is not visited much (at times I fear I might be the…
Peter Perháč
93 votes, 12 answers

Can parameterized statement stop all SQL injection?

If yes, why are there still so many successful SQL injections? Just because some developers do not use parameterized statements?
iceagle
82 votes, 5 answers

Refused to execute a JavaScript script. Source code of script found within request

In WebKit I get the following error on my JavaScript: Refused to execute a JavaScript script. The source code of script found within request. The code is for a JavaScript spinner, see ASCII Art. The code used to work OK and is still working…
doekman
61 votes, 7 answers

How to prevent Javascript injection attacks within user-generated HTML

I am saving user-submitted HTML (in a database). I must prevent JavaScript injection attacks. The most pernicious I have seen is JavaScript in a style="expression(...)". In addition to this, a fair amount of valid user content will include special…
Jeff Meatball Yang
61 votes, 8 answers

How to prevent code injection attacks in PHP?

I am a bit confused, there are so many functions in PHP, and some using this, some using that. Some people use: htmlspecialchars(), htmlentities(), strip_tags() etc Which is the correct one and what do you guys usually use? Is this correct (advise…
bbtang
57 votes, 4 answers

Force x86 CLR on an 'Any CPU' .NET assembly

In .NET, the 'Platform Target: Any CPU' compiler option allows a .NET assembly to run as 64 bit on a x64 machine, and 32 bit on an x86 machine. It is also possible to force an assembly to run as x86 on an x64 machine using the 'Platform Target: x86'…
jeffora
51 votes, 1 answer

PHP MySQLI Prevent SQL Injection

I've built a website that will be going live soon and just have a couple of questions about preventing SQL injection. I understand how to use mysqli_real_escape_string but I'm just wondering if I have to use that on all variables that I'm getting for…
user2201765
40 votes, 8 answers

How do I prevent DLL injection

So the other day, I saw this: http://www.edgeofnowhere.cc/viewtopic.php?p=2483118 and it goes over three different methods of DLL injection. How would I prevent these from the process? Or at a bare minimum, how do I prevent the first one? I was…
Clark Gaebel
40 votes, 1 answer

How to inject custom content via Nginx?

Is there a way to inject a few lines of script etc. for each served php/html/etc. page? For example some custom javascript after -tag? I know, you should be able to use lua in nginx but is there a better solution? I am running multiple different…
pasuna
34 votes, 3 answers

How to inject jquery to any webpage

Is there any way to inject jQuery into any page as we do with JavaScript (from URL)? With JavaScript we do this: javascript:alert("b"); I tried this but I don't know why it doesn't work: javascript:var x = document.getElementsByTagName("head")[0]; var…
elti musa
34 votes, 7 answers

Sharing memory between two processes (C, Windows)

Since I haven't found an answer to the question asked previously here I'm trying a different approach. Is there any way to share memory between two processes? The second process gets the information from an injection since it's a legacy program…
wonderer
30 votes, 2 answers

doctrine2 dql, use setParameter with % wildcard when doing a like comparison

I want to use the parameter place holder - e.g. ?1 - with the % wild cards. that is, something like: "u.name LIKE %?1%" (though this throws an error). The docs have the following two examples: 1. // Example - $qb->expr()->like('u.firstname',…
waigani
29 votes, 3 answers

Constructor injection into a base class using autofac

I have an abstract base controller which has a constructor I hoped would be populated by autofac when the controllers were built. public abstract class BaseController : Controller { protected ILogger { get; private set; } protected…
gav