Generic attacks aren't a separate type of attack but rather are ones identified by characteristics such as malicious strings or paths or known hostile IP addresses. They lack subtlety, but they can do serious damage if not blocked.
Shell code creates or takes control of a trusted application that can run any commands. The term comes from the operating system shells which let users or scripts run commands, but malware shells take many forms. Another term for shell is "backdoor." An attacker can launch a shell by breaking an account's security, tricking a user into installing malware, or taking advantage of a vulnerability. Malware shells are versatile, and some are persistent, continuing to steal information for weeks or months.
SQL injection relies on buggy code which communicates with a database. Relational databases get requests in the SQL language, which Web applications generate on the fly. A common trick is to manipulate form data with SQL commands and mismatched quotes. If a Web application fails to detect this trick, it may put the unauthorized command into the SQL stream, allowing theft or alteration of data.
Other types of injection use similar tricks to introduce headers, commands, or JavaScript. CRLF injection relies on the convention of using a line break (carriage return + line feed) to separate commands and data fields. It might allow the execution of an intruder-specified command or modify a file's headers to change its behavior. This is also known as response splitting. HTML injection can introduce scripts, links, and display elements into a page if the server doesn't filter them out from user input.
Cross-site scripting (XSS) uses various techniques to get a page to execute JavaScript from an outside source. It can use HTML injection or infiltrate a trusted JavaScript source. XSS can steal cookies or redirect users to another site. The rogue JavaScript runs on the browser, but in most cases, it won't be obvious to a user without special tools.
Vulnerability exploits target known weaknesses in software. Repositories such as the National Vulnerability Database list known issues in published software where patches are available. They alert network owners to problems that need fixing, but criminals are equally aware of them. Keeping software up to date avoids this risk, but businesses can't always update their systems regularly. The small number in the list doesn't mean this attack is rare, but rather that the Web Application Firewall catches most vulnerability exploits by other methods and classifies them accordingly.