Questions tagged [code-injection]

Code injection is the general term for the result of missing or improper neutralization of special elements in externally influenced input, which could modify the syntax or behavior of the intended code.

Code injection is a consequence of Improper Control of Generation of Code (CWE-94), which causes unauthorized code to be executed.

2439 questions
19 votes, 3 answers

Inject JAXBContext into spring

I am trying to inject a JAXBContext into spring application context, by: It…
yzandrew
19 votes, 2 answers

Is Swift vulnerable to code injection?

I was reading about Cycript and Cydia Substrate and how they can be used for code injection attacks on an iOS app. Code like this should scare you if you are working in a high security environment. (Ignore the /etc/password part, just consider the…
Paul Cezanne
19 votes, 2 answers

Guice injection null pointer

We are trying to refactor a project with Guice. The idea is to bind all the Language interface to a concrete object like French or Polish. We have a module for binding: public class StandardModule extends AbstractModule { @Override protected…
user1810567
18 votes, 7 answers

Prevent existing CSS from styling injected HTML/CSS

I'm working on a project which injects JS+CSS+HTML over web pages which I do not have control over. I am concerned about the host page styling my injected code -- I want my injected code to only obey my styling, and not theirs. At the moment the…
Tom Corelis
18 votes, 1 answer

Preventing NoSQL injections with Elasticsearch

I'm building an Elasticsearch query using QueryBuilders in my backend. The cluster is not directly exposed to the internet, and only accessed through the backend. I've noticed that I am providing it with unsanitized user input, and it reminded me…
Ynv
18 votes, 1 answer

Unsatisfied dependencies for type X with qualifiers @Default

I'm trying to inject an object of a given type (Greeter) on an EJB running inside Wildfly 8.2. However, the deployment always fails with the message Unsatisfied dependencies for type Greeter with qualifiers @Default I tried to annotate both the…
Martin
18 votes, 8 answers

Merge two exe files into one programmatically

Is there a way to merge two exe files into one, programmatically, so that running it would execute both older exe files together? I found some things on Google about injecting code or dll files but is it possible to merge two exe files or to inject…
Auxiliary
18 votes, 1 answer

Is it possible to inject a list of resolved objects into a constructor using Autofac?

I'm new to Autofac (3) and am using it to find a number of classes in several assemblies that implement IRecognizer. So I have: builder.RegisterAssemblyTypes(AppDomain.CurrentDomain.GetAssemblies()).As(); which is fine. But I'd like to…
n4cer500
18 votes, 2 answers

Javascript script element set inner text

We need to add a JavaScript element inside an iframe (it's inside the same web/domain so no security problems attached). We got it working but don't know how to fill the script content between its tags... how would you do it? var iframe =…
VSP
17 votes, 3 answers

Injecting code into APK

I know you can decompile code using apktool and recompile it again, but my question is how would you be able to inject large amounts of code into an apk and execute it. I see that Amazon's Appstore DRM is doing this, I'm assuming, since they say they…
Faisal Abid
17 votes, 2 answers

Is it safe to use user's RegEx?

I want to add a feature to my website to let users search the texts with RegEx. But is it safe to let the users do something like that? preg_match('/' . $user_input_regex . '/', $subject);
Sdgsdg Asgasgf
17 votes, 3 answers

Angularjs custom filter and dependency injection

I'm new to AngularJS and I see this syntax a lot: function someFunc(){ return function(input){ return 'hello' + input; } } The function above is a general syntax I tend to see a lot but the problem is specific with this example for custom…
Aviel Fedida
17 votes, 9 answers

Is code injection possible in Java?

Nowadays you can read much about code injection, exploits, buffer-, stack- and heap-overflows etc. leading to inject and run code. I wonder what of this stuff is relevant for Java. I know there are no pointers in the Java language. But doesn't the…
c0d3x
17 votes, 7 answers

Ways to stop people from uploading GIFs with injections in them?

I have a PHP website where people can fill out help-tickets. It allows them to upload screenshots for their ticket. I allow gif, psd, bmp, jpg, png, tif to be uploaded. Upon receiving the upload, the PHP script ignores the file extension. It…
Lakey
16 votes, 3 answers

How to safely write JSON data to file using PHP

I've got an HTML form for editing images. All data is stored in JSON. When I change the current image, I want to save changes, through a PHP script, to a text file. If I return to the previous image, this configuration will be sent again from this file to the…
Max Barnas