What is it?

Injection attacks occur when an attacker manipulates user input or application data in order to execute malicious commands or gain unauthorized access to sensitive information.
These attacks exploit weaknesses in the way applications process input data, typically by inserting specially crafted code or commands that are interpreted as valid instructions by the target system.
There are many types of injection, such as:
  • SQL injection
  • NoSQL injection
  • Cross-site scripting (XSS) / JavaScript injection
  • HTML injection
  • XML external entities (XXE)
  • Template injection
For more details on specific injection attacks, see the relevant child pages.