Code injection refers to the act of injecting arbitrary external code in an application. There are two types of code injection:
- Injection into vulnerable programs.
- Injection into non-vulnerable programs.
If code injection is done in vulnerable applications, it is done via exploitation of a bug which occurs when processing invalid data. In this case, the extent of code injection is dependent on the bug in the application, which we also refer to as “vulnerability”. The problem with this scenario is that the application should have a bug that can be leveraged to gain code execution.