A second-order code injection attack is the process where malicious code is injected into a web-based application and not immediately executed but is stored by the application to be retrieved, rendered and executed by the victim later.
In this paper we will further explain second-order code injection attacks, providing examples of the types of attacks that could occur the paper will also describe ways of testing for vulnerabilities and provide ways of protecting against these types of attacks.
