1. Homepage
  2. RvR
  3. Application
  4. Attack Vectors

General Information

Reflection Injection

Variants:
Direct Persistent Session 

Vector Type:
Attack

Relevance:
Technology Specific

Layer:
Application-Level

Platforms:
Java, JEE, J2EE, JSP, ASP.Net, Mono

Target Type:
Application

Affected Mechanisms:
Input Validation, Secure Design

Invented In:
08/12/2007

Added In:
08/12/2014


Vector Operation Method:
Malicious inputs can create and manipulate server-side class instances


Direct Variant:

Reflection Injection

Variant Title:
Reflection Injection

Typical Severity:
Major

Resources:

CAPEC

Vulnerapedia

OWASP Attacks

Other I

White Papers:

Paper I

Learn More:


Persistent Variant:

Stored Reflection Injection

Also Known As:
Persistent Reflection Injection

Typical Severity:
Major

Resources:

White Papers:

Learn More:


Session Variant:

Reflection Injection via Session Puzzling

Also Known As:
Session Reflection Injection

Typical Severity:
Major

Resources:

White Papers:

Learn More:




TECAPI ©

Join