Code Injection

The document discusses code injection, a security vulnerability where attackers insert malicious code into applications, leading to unauthorized code execution, data theft, and system compromise. It highlights common types of code injection, such as SQL injection and Cross-Site Scripting (XSS), and provides examples of notable hacking incidents like GhostShell and RedHack. Additionally, it outlines defense mechanisms to mitigate these threats, including input validation and the use of parameterized statements.

Uploaded by

PaulGary Oca

SHODWE TEAM www.reallygreatsite.com

CODE INJECTION
Protecting Our Digital World

Reporters: Palania, Regalado, Mangoda, Muaña, Oca

WHAT IS CODE INJECTION?
Definition of Code Injection:
Code injection is a type of security vulnerability that occurs
when an attacker is able to insert or "inject" malicious code
into an application, which is then executed by the
application. This typically happens when an application
improperly handles untrusted input, allowing the attacker’s
input to be treated as executable code. The injected code
can be in various forms, such as SQL queries, shell
commands, or scripts, depending on the nature of the
vulnerability.

CODE INJECTION POSES SEVERAL SERIOUS THREATS:
1. Unauthorized Code Execution
Nature: The primary threat in code
injection is that it allows attackers to
execute arbitrary code on the target
system.
2. Data Theft and Breaches
Nature: Attackers can inject code to
extract sensitive information from
databases or application files.
3. System Compromise
Nature: In some cases, code injection
allows attackers to gain control over
the underlying operating system by
executing shell commands.

COMMON EXAMPLES OF CODE INJECTION:


SQL Injection:
An attacker injects malicious SQL queries into input fields that interact with the database, potentially
allowing them to read, modify, or delete database records.

Command Injection:
The attacker injects operating system commands into an application, which are then executed by the
system, potentially leading to full system compromise.

Cross-Site Scripting (XSS):
The attacker injects malicious scripts into web pages viewed by other users, allowing them to steal session
cookies, deface websites, or redirect users to malicious sites.
CHARACTERISTICS

Features/Characteristics

Impact/Damage
CHARACTERISTICS OF CODE INJECTION
Exploitation of User Input: Injecting code through text fields,
URLs, etc.
Execution of Arbitrary Code: Allows unauthorized system actions.
Language-Specific: Targets specific environments, like SQL
databases or web browsers.
Bypassing Security: Can circumvent authentication and access
controls.
Common Types: SQL Injection, Command Injection, XSS.
Mitigation: Input validation, prepared statements, least
privilege, and security audits.
CODE INJECTION FLOWCHART
How much impact/damage can it do?

Complete System Takeover:
Attackers can gain full control over the
targeted system. This allows them to
manipulate, steal, or destroy data,
install malware, and create backdoors
for future access.
Data Theft:
Sensitive information such as
usernames, passwords, and credit card
details can be extracted and sent
back to the attacker.
System Disruption:
Attackers can manipulate files,
disrupt system processes, or even
cause a complete system crash.
GHOSTSHELL ATTACK

GHOSTSHELL HACKING COLLECTIVE:

A group of hackers and security specialists who formed a collective in 2012.

The group targeted a range of organizations globally, including
government agencies, educational institutions, libraries, and other
miscellaneous sites across various industries.
WHAT HAPPENED?
The GhostShell hacking collective launched a series of large-scale cyber
attacks in 2012, using SQL injection to infiltrate and exploit
vulnerabilities in web applications. They claimed to have stolen 1.6
million accounts and passwords, along with other sensitive information, from
various high-profile organizations.

A post from Team GhostShell on Pastebin:

“For those two factors we have prepared a juicy release of 1.6 million
accounts/records from fields such as aerospace, nanotechnology, banking, law,
education, government, military, all kinds of wacky companies & corporations
working for the department of defense, airlines and more.”
WHEN DID IT HAPPEN?
The attack occurred in 2012 as part of #ProjectWhiteFox – Freedom of
Information, during a period when hacktivism was on the rise and making
headlines worldwide.

WAS THE CASE SOLVED?

The identities of GhostShell members remain unknown, and no public
resolution or apprehension has been reported. The incident highlighted
significant cybersecurity weaknesses globally.
Founder of GhostShell
TheNextWeb was approached by a man using a generic Yahoo email address.
@DeadMellox — another pseudonym that had
been tied to GhostShell, but has since been
abandoned.

The founder provided a Pastebin login that
was confirmed to be legitimate and had been
used by the official GhostShell Twitter
account to disseminate leaked info before
its suspension.
REDHACK

REDHACK:

A Turkish hacking collective known for its
activism, operating independently but
often compared to Anonymous.
WHAT HAPPENED?
RedHack discovered and exploited an authentication vulnerability on the
Istanbul Special Provincial Administration’s portal (ioi.gov.tr), using a
basic SQL injection technique. They publicly announced the vulnerability,
encouraged others to exploit it, and reportedly deleted financial
obligations from the portal.

WHEN DID IT HAPPEN?
The incident occurred in June 2013, coinciding with ongoing protests in
Turkey’s capital, Ankara.
WAS THE CASE SOLVED?

The portal was taken offline shortly after the attack, but there is no
public information indicating that the perpetrators were identified or
apprehended, leaving the case unresolved. The attack was part of a broader
wave of protests and digital activism in Turkey at the time.
“those who cannot be disciplined with advice should be
scolded, those who cannot be disciplined with scolding
deserve Redhack.”

DEFENSE MECHANISMS TO COUNTER THE THREAT
SQL Injection Prevention

Use Parameterized Statements:
This helps to separate user input from SQL code.
Input Validation:
Validate and sanitize user inputs on both the client and
server sides.
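
The two SQL injection defenses above, applied to a login check. This is an added example, not part of the original slides; the `users` table, the function names and the sample inputs are constructed for illustration, and SQLite stands in for the application's database.

```python
import re
import sqlite3

USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")  # allowlist: assumed username format


def make_db():
    """In-memory database with one constructed account (sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    # Plaintext password only to keep the example short; real systems store a hash.
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db


def login_vulnerable(db, name, password):
    """Builds SQL by string concatenation: input becomes part of the query."""
    query = ("SELECT COUNT(*) FROM users WHERE name = '" + name +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone()[0] > 0


def login_parameterized(db, name, password):
    """Validates the format first, then binds values as data, never as SQL."""
    if not USERNAME_RE.fullmatch(name):
        return False  # server-side validation rejects unexpected characters
    row = db.execute(
        "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?",
        (name, password),
    ).fetchone()
    return row[0] > 0


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # constructed input containing SQL syntax
    print("vulnerable   :", login_vulnerable(db, "alice", crafted))
    print("parameterized:", login_parameterized(db, "alice", crafted))
    print("legit login  :", login_parameterized(db, "alice", "correct-horse"))
```

Client-side checks help usability but can be bypassed, so the server-side check and the bound parameters are what actually enforce the rule.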
Cross-Site Scripting Prevention

Input Validation and Sanitization:
Helps ensure user input adheres to expected formats and
neutralizes potentially harmful content.
Escape User-Generated Content:
Ensures user input is treated as literal text, not interpreted
as code.
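
The two XSS defenses above, applied to rendering a user comment into a page. This is an added example, not part of the original slides; the function names, the display-name format and the sample comment are constructed for illustration.

```python
import html
import re

# Allowlist for the display-name field (assumed format for this example).
DISPLAY_NAME_RE = re.compile(r"[A-Za-z0-9 _.-]{1,40}")


def render_comment_unsafe(author, text):
    """Interpolates raw input into markup: the browser parses it as HTML."""
    return f"<p><b>{author}</b>: {text}</p>"


def render_comment_safe(author, text):
    """Validates the author field, then escapes both values on output."""
    if not DISPLAY_NAME_RE.fullmatch(author):
        raise ValueError("author does not match the expected format")
    # html.escape rewrites & < > " ' as entities. It fits HTML text and quoted
    # attribute values; script, CSS and URL contexts need their own encoders.
    return f"<p><b>{html.escape(author)}</b>: {html.escape(text)}</p>"


def displayed_text(escaped_fragment):
    """What a reader sees for an escaped fragment once entities are decoded."""
    return html.unescape(escaped_fragment)


if __name__ == "__main__":
    comment = "<script>alert(1)</script> nice post & thanks"  # constructed input
    print(render_comment_unsafe("bob", comment))  # tag reaches the page intact
    print(render_comment_safe("bob", comment))    # tag is shown as literal text
    print(displayed_text(html.escape(comment)) == comment)
```

Escaping changes how the comment is encoded in the page, not what the reader sees: decoding the entities gives back the original text.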

Cybersecurity Presentation

THANK YOU FOR ATTENTION
See You Next
