# 3. Injection

{% embed url="<https://owasp.org/Top10/A03_2021-Injection/>" %}

## Description

An application is vulnerable to attack when:

* User-supplied data is not validated, filtered, or sanitized by the application.
* Dynamic queries or non-parameterized calls without context-aware escaping are used directly in the interpreter.
* Hostile data is used within object-relational mapping (ORM) search parameters to extract additional, sensitive records.
* Hostile data is directly used or concatenated. The SQL or command contains the structure and malicious data in dynamic queries, commands, or stored procedures.

Some of the more common injections are SQL, NoSQL, OS command, Object Relational Mapping (ORM), LDAP, and Expression Language (EL) or Object Graph Navigation Library (OGNL) injection. The concept is identical among all interpreters. Source code review is the best method of detecting if applications are vulnerable to injections. Automated testing of all parameters, headers, URL, cookies, JSON, SOAP, and XML data inputs is strongly encouraged. Organizations can include static (SAST), dynamic (DAST), and interactive (IAST) application security testing tools into the CI/CD pipeline to identify introduced injection flaws before production deployment.
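The difference between a concatenated dynamic query and a parameterized call, shown as an added example that is not part of the original page or the TryHackMe lab. The `accounts` table, its rows, and the function names are constructed for illustration, using Python's built-in `sqlite3` module.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", 100), ("bob", 250), ("carol", 75), ("o'brien", 10)],
    )
    return db


def lookup_concatenated(db, owner):
    # Vulnerable: the input becomes part of the SQL text itself,
    # so quote characters in it can change the structure of the query.
    query = (
        "SELECT owner, balance FROM accounts WHERE owner = '"
        + owner
        + "' ORDER BY owner"
    )
    return db.execute(query).fetchall()


def lookup_parameterized(db, owner):
    # Hardened: the SQL structure is fixed; the driver binds the input
    # as one value, so it is only ever compared against the column.
    query = "SELECT owner, balance FROM accounts WHERE owner = ? ORDER BY owner"
    return db.execute(query, (owner,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    hostile = "nobody' OR '1'='1"  # constructed hostile input
    print("concatenated :", lookup_concatenated(db, hostile))   # every row
    print("parameterized:", lookup_parameterized(db, hostile))  # no rows
    # A legitimate value containing a quote breaks the concatenated query
    # but is handled correctly when bound as a parameter.
    try:
        lookup_concatenated(db, "o'brien")
    except sqlite3.OperationalError as exc:
        print("concatenated query failed:", exc)
    print("parameterized:", lookup_parameterized(db, "o'brien"))
```

A query that throws a syntax error on a name like `o'brien` is a useful code-review and test signal that input is reaching the interpreter as query text rather than as bound data.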

## THM Lab

### Task 10 - Command Injection

#### 10.1 - What strange text file is in the website's root directory?


#### 10.2 - How many non-root/non-service/non-daemon users are there?

#### 10.3 - What user is this app running as?

#### 10.4 - What is the user's shell set as?

#### 10.5 - What version of Alpine Linux is running?


