Content injection attack

Content injection refers to inserting malicious content into a legitimate site. In addition to deceptive actions such as redirecting to other sites, malicious content can install crimeware on a user’s computer through a web browser vulnerability or by social engineering, such as asking a user to download and install anti-virus software that actually contains crimeware.

There are three primary classes of content injection attacks, each of which has many possible variations:


 * Hackers can compromise a server through a security vulnerability and replace or augment the legitimate content with malicious content.
 * Crimeware can be inserted into a site through a cross-site scripting vulnerability.
 * Malicious actions can be performed on a site through a SQL injection vulnerability. This is a way to cause database commands to be executed on a remote server. Such command execution can cause information leakage, provide a vector for vandalism, or enable injection of malicious content that will subsequently be transmitted to a victim. Like cross-site scripting vulnerabilities, SQL injection vulnerabilities are a result of improper filtering.

Cross-site scripting and SQL injection are propagated through two different primary vectors. In one vector, malicious content is injected into data stored on a legitimate web server, which a victim is exposed to. In the other vector, malicious content is embedded into a URL that the user visits when he or she clicks on a link. This is commonly a URL that includes components that will be displayed on screen or used as part of a database query, such as an argument to a search function.