The aim of the workshop is to highlight that injection-type vulnerabilities can exist in technologies other than the well-known SQL injection. Given that even OWASP treats injection as a general category rather than SQL injection specifically, it is surprising how often day-to-day practice forgets that some of the more exotic technologies carry similar risks.
They have the same root cause as SQL injection, after all: end-user input is concatenated with expressions of a lower-level language, so the result is interpreted as a query in that language, causing unintended, exploitable side effects.
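The root cause described above, shown for one non-SQL interpreter as an added example that is not part of the workshop material. LDAP search filters are an assumed choice of technology (the page names none), and the function names and sample inputs are constructed for illustration.

```python
import re

# RFC 4515 escaping: characters with structural meaning in an LDAP search
# filter are replaced by a backslash and their two-digit hex code.
_FILTER_ESCAPES = str.maketrans({
    "\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00",
})

def escape_filter_value(value: str) -> str:
    """Return value with every filter metacharacter neutralised."""
    return value.translate(_FILTER_ESCAPES)

def build_filter_unsafe(uid: str) -> str:
    # Root cause: user input is concatenated straight into filter syntax.
    return "(&(objectClass=person)(uid=" + uid + "))"

def build_filter_safe(uid: str) -> str:
    # Same template, but the input can only ever be an assertion value.
    return "(&(objectClass=person)(uid=" + escape_filter_value(uid) + "))"

def skeleton(ldap_filter: str) -> str:
    # Blank out every assertion value so only the filter structure remains.
    return re.sub(r"=[^()]*", "=?", ldap_filter)

# Structure the developer intended: two assertions joined by AND.
EXPECTED = skeleton(build_filter_safe("placeholder"))

def changes_structure(ldap_filter: str) -> bool:
    """True when the input altered the query structure, not just a value."""
    return skeleton(ldap_filter) != EXPECTED

if __name__ == "__main__":
    # Constructed sample inputs: a plain user id and one with metacharacters.
    for uid in ("alice", "*)(objectClass=*"):
        for build in (build_filter_unsafe, build_filter_safe):
            built = build(uid)
            print(f"{build.__name__:20} {built}  "
                  f"structure changed: {changes_structure(built)}")
```

The skeleton comparison is the same check a code reviewer or a test suite can apply to any query builder: input should change values, never the shape of the query.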
Workshop participants will be able to experience exploiting some of these exotic, lesser-known injection flaws. All they need is a Wi-Fi-enabled device and a browser to exploit the vulnerable demo application. The following topics are covered in this workshop: