In this chapter, we discussed various injection flaws. An injection flaw is a serious vulnerability in a web application, because an attacker who exploits it can gain complete control over the server. We also examined how, through different types of injection, a malicious attacker can gain access to the operating system. That access could then be used to attack other servers on the network. When attackers exploit a SQL injection flaw, they can access sensitive data on the backend database, which can prove devastating to an organization.
In the next chapter, we will get to know a particular type of injection vulnerability, Cross-Site Scripting, which allows attackers to change the way pages are presented to a user by injecting, or tricking the user into injecting, script code into request parameters.