Object Injection to SQL Injection
by Walleson Moura (@phor3nsic_br)

NodeJS + Sqlstring

In this section, we will explain a curious case of SQL injection: a possible scenario, details of the issue, possible impacts and mitigations.

What is Object Injection?

Object Injection is an application-level vulnerability that could allow an attacker to execute different types of malicious methods, such as Code Injection, SQL Injection, Path Traversal and Application Denial of Service, depending on the context. The vulnerability occurs when the input required by the user is not properly sanitized… (OWASP). …