"PHP Injection," "ASP Injection," are terms coined which refer to various types of code injection attacks which allow an attacker to supply code to the server side scripting engine. In the case of "PHP Injection," the server side scripting engine is PHP.
In practice, PHP Injection is either the exploitation of "Dynamic Evaluation Vulnerabilities," "Include File Injection," or similar code injection vulnerabilities. Dynamic evaluation vulnerabilities
Steven M. Christey of mitre.org suggests this name for a class of code injection vulnerabilities. Dynamic evaluation vulnerabilities - eval injection
An eval injection vulnerability occurs when an attacker can control all or part of an input string that is fed into an eval() function call.
- 0 brukere syntes dette svaret var til hjelp