It is possible, however, to inject code or malware into a program.
In simple terms, an injection attack occurs when the back-end system accepts input supplied by a malicious user (a person who intends to cause damage) without any validation and treats it as a command.
When the data is in the form that the system expects, all is good, but if the hacker is able to inject commands in the form of data, for example a command to drop a table, then we have a problem.
Let me explain it with a simple example. Suppose a person named Jack is walking in the desert when he is suddenly bitten by a snake. He rushes to the hospital, where the doctor checks for venom in his blood. So what is venom made up of?
Snake venom is mainly made up of proteins, so when you are bitten by a venomous snake, the snake injects highly concentrated proteins into your body. This venom commands the body to shut down, and it can cause serious damage, including death.
Proteins are good for you if they are taken in the right amount and concentration. So don't forget to eat proteins.
However, if the amount and concentration of protein in your body is more than it can handle, then we have a problem.
The body treats the venom as a command to shut down: the bad protein is a command that is masked as data.
When data is interpreted as data, it is good. When the data is interpreted as a command, we have an injection attack.
| No. | Injection type | Description | Potential impact |
|-----|----------------|-------------|------------------|
| 1. | Code injection | Injects application code which can execute operating system commands as the user running the web application. | Full system compromise |
| 3. | OS Command injection | Injects operating system commands as the user running the web application. Advanced variations of this attack can leverage privilege escalation vulnerabilities that can compromise the system fully. | Full system compromise |
| 4. | SQL injection (SQLi) | Injects SQL commands that can read or modify data from a database. | Authentication bypass; loss of data integrity; denial of service; full system compromise |
Injection attacks are not only very dangerous but also very widespread, notably in legacy applications, with SQL injection (SQLi) and cross-site scripting (XSS) being particularly common.