From the course: JavaScript: Security Essentials

Example of SSJI code

- [Instructor] So, let's take a look at a few examples of server-side injections. So, if you go into the Exercise Files, click on CH5, and then 05_02. In the begin folder you'll see an SSJI file, which is a JavaScript file. You can drag and drop this file into Visual Studio Code if you're on a Mac, or right-click on Windows, and then Open with Code. And, I'm going to close this. So, these are examples of code that could be used to inject code into your server. For example, the use of eval() to parse user input, so if you have a form that has a body with a preTax value, and then eval() actually is used to evaluate this value, this could be used to inject server code. In the form we could pass something like while(1) and then as this form is executed then the server could be rendered useless. Never use eval(), setInterval(), setTimeout() and Function() in any of your forms, or any of your code, because these can be used to pass values to it, and then when we use the form we could pass…
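
The eval() pattern described in the transcript, next to a hardened handler, as an added example that is not taken from the course's exercise files. The function names and the request-body shape (a plain object with a string `preTax` field) are assumptions; the `while(1)` input is only ever passed to the hardened handler.

```javascript
// Added example. handleUnsafe, handleSafe and parsePreTax are hypothetical names.
// A request body is modeled as a plain object, as a form body parser would supply it.

// Vulnerable pattern from the transcript: eval() applied to a form field.
function handleUnsafe(body) {
  // Whatever the client put in preTax runs as JavaScript inside the server process.
  const preTax = eval(body.preTax);
  return { preTax };
}

// Hardened form: the field is data. Accept only a plain decimal number
// (up to 9 integer digits, optional 1-2 fraction digits) and reject the rest.
const DECIMAL = /^\d{1,9}(\.\d{1,2})?$/;

function parsePreTax(raw) {
  if (typeof raw !== "string" || !DECIMAL.test(raw.trim())) {
    return { ok: false, error: "preTax must be a decimal number" };
  }
  return { ok: true, value: Number(raw.trim()) };
}

function handleSafe(body) {
  const parsed = parsePreTax(body.preTax);
  if (!parsed.ok) return { status: 400, error: parsed.error };
  return { status: 200, preTax: parsed.value };
}

// Constructed sample inputs.
const samples = [
  { preTax: "1200.50" },  // ordinary form value
  { preTax: "1000+1" },   // an expression: harmless, but proves eval() executes input
  { preTax: "while(1)" }, // the transcript's input; rejected before any evaluation
  {},                     // missing field
];

for (const body of samples) {
  console.log(JSON.stringify(body), "->", JSON.stringify(handleSafe(body)));
}

// The unsafe handler computes the expression instead of treating it as text.
console.log("unsafe:", JSON.stringify(handleUnsafe(samples[1])));
```

The same allow-list check applies wherever a string from the request would otherwise reach `Function()` or the string forms of `setTimeout()` and `setInterval()`.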
