Comment Injection Attack

Patient Tools

Read, save, and share this guide

Use these quick tools to make this medical article easier to read, print, save, or share with a family member.

Article Summary

Comments injected into an application through input can be used to compromise a system. As data is parsed, an injected/malformed comment may cause the process to take unexpected actions that result in an attack. Examples The attacker may conduct this kind of attack with different programming or scripting languages: Database: If the attacker has the ability to manipulate queries which are sent to the database,...

Key Takeaways

  • This article explains Examples in simple medical language.
Before reading

RX Patient Tools

Use these quick guides before reading the article, or return to them when you need help preparing questions for a doctor.

Start here Choose the right pathway for symptoms, reports, medicines, or urgent warning signs. Disease article roadmap Read this topic step by step: meaning, symptoms, warning signs, diagnosis, treatment, prevention, and follow-up. Treatment planner Prepare questions about treatment choices, benefits, risks, side effects, and follow-up. Family & caregiver guide Organize symptoms, reports, medicines, questions, and follow-up safely. Nutrition & diet guide Prepare food, hydration, supplement, and medicine-timing questions safely. Prevention guide Organize risk factors, protective habits, screening, and warning signs. Recovery guide Prepare a safe plan for activity, rehabilitation, warning signs, and follow-up.
Educational health guideWritten for patient understanding and clinical awareness.
Reviewed content workflowUse writer and reviewer profiles for stronger trust.
Emergency safety firstUrgent warning signs are highlighted below.
Definition

Comments injected into an application through input can be used to compromise a system. As data is parsed, an injected/malformed comment may cause the process to take unexpected actions that result in an attack.

Examples

The attacker may conduct this kind of attack with different programming or scripting languages:

Database:

If the attacker has the ability to manipulate queries which are sent to the database, then they’re able to inject a terminating character too. The aftermath is that the interpretation of the query will be stopped at the terminating character: SELECT body FROM items WHERE id = $ID limit 1;

Let’s assume that the attacker has sent via the GET method the following data stored in variable $ID"1 or 1=1; #"

In the end the final query form is: SELECT body FROM items WHERE id = 1 or 1=1; # limit 1;

After the # character everything will be discarded by the database including limit 1, so only the last column body with all its records will be received as a query response.

Sequences that may be used to comment queries:

  • MySQL:#--
  • SQL: --
  • MS Access: %00 (hack!)
  • Oracle: --

Null byte:

To comment out some parts of the queries, the attacker may use the standard sequences, typical for a given language, or terminate the queries using their own methods being limited only by their imagination. An interesting example is a null byte method used to comment out everything after the current query in MS Access databases. More information about this can be found in Embedding Null Code .

Shell:

Shell (bash) also has the character #, which terminates interpretation.

For example (find.php):

<?
$ =sth $_GET['what];
system("/usr/bin/find -name '$sth' -type f");
?>

Using /find.php?what=*'%20%23* the attacker will bypass limitation *-type f* and this command:

/usr/bin/find -name '*' -type f

will become:

/usr/bin/find -name '*' #-type f

So the final form of the command is:

/usr/bin/find -name '*'

HTML (injection):

If there are no restrictions about who is able to insert comments, then using the start comment tags:

<!--

it’s possible to comment out the rest of displayed content on the website (invisible.php)

<?php
print "hello!: ";
print $_GET['user'];
print " Welcome friend!";
?>

After:

GET /invisible.php?user=<!--

There result will be:

hello!:

Doctor visit helper

Prepare before seeing a doctor

A simple rural-patient checklist to help you explain symptoms clearly, ask better questions, and avoid unsafe self-treatment.

Safety note: This is not a prescription or diagnosis. For severe symptoms, pregnancy danger signs, children with serious illness, chest pain, breathing difficulty, stroke-like weakness, or major injury, seek urgent care.

Which doctor may help?

Start with a registered doctor or the nearest qualified health center.

What to tell the doctor

  • Write when the problem started and how it changed.
  • Bring old prescriptions, investigation reports, and current medicines.
  • Write allergies, pregnancy status, diabetes, kidney/liver disease, and major past illnesses.
  • Bring one family member if the patient is weak, elderly, confused, or a child.

Questions to ask

  • What is the most likely cause of my symptoms?
  • Which danger signs mean I should go to hospital quickly?
  • Which tests are necessary now, and which can wait?
  • How should I take medicines safely and what side effects should I watch for?
  • When should I come for follow-up?

Tests to discuss

  • Vital signs: temperature, pulse, blood pressure, oxygen saturation
  • Basic physical examination by a clinician
  • CBC, urine test, blood sugar, or imaging only when clinically needed

Avoid these mistakes

  • Do not use antibiotics, steroid tablets/injections, or strong painkillers without proper medical advice.
  • Do not hide pregnancy, kidney disease, ulcer, allergy, or blood thinner use.
  • Do not delay emergency care when danger signs are present.

Medicine safety and first-aid guide

This section is for patient education only. It does not replace a doctor, pharmacist, or emergency care.

Safe first steps

  • Avoid heavy lifting, sudden bending, and prolonged bed rest.
  • Use comfortable posture and gentle movement as tolerated.
  • Discuss physiotherapy, X-ray, or MRI only when clinically needed.

OTC medicine safety

  • For mild back pain, pain-relief medicine may be discussed with a doctor or pharmacist.
  • Avoid repeated painkiller use if you have kidney disease, stomach ulcer, uncontrolled blood pressure, or are taking blood thinners.

Avoid these mistakes

  • Do not start antibiotics without a proper medical decision.
  • Do not use steroid tablets or injections casually for quick relief.
  • Do not delay emergency care because of home remedies.

Get urgent help if

  • Back pain with leg weakness, numbness around private area, loss of urine/stool control, fever, cancer history, or major injury needs urgent care.
Medicine names, dose, and timing must be decided by a qualified clinician or pharmacist after checking age, pregnancy, allergy, other diseases, and current medicines.

For rural patients and family caregivers

Patient health record and symptom diary

Write your symptoms, medicines already taken, test results, and questions before visiting a doctor. This note stays on your device unless you print or copy it.

Doctor to discuss: Doctor / qualified healthcare provider
Tests to discuss with doctor
  • Basic vital signs: temperature, pulse, blood pressure, oxygen level if needed
  • Relevant blood, urine, imaging, or specialist tests only after clinical assessment
Questions to ask
  • What is the most likely cause of my symptoms?
  • Which warning signs mean I should go to emergency care?
  • Which tests are really needed now?
  • Which medicines are safe for my age, pregnancy status, allergy, kidney/liver/stomach condition, and current medicines?

Emergency warning signs such as chest pain, severe breathing difficulty, sudden weakness, confusion, severe dehydration, major injury, or loss of bladder/bowel control need urgent medical care. Do not wait for online information.

Safe pathway to proper treatment

Care roadmap for: Comment Injection Attack

Use this simple roadmap to understand the next safe steps. It is educational and does not replace examination by a doctor.

Go to emergency care if you notice:
  • Severe or rapidly worsening symptoms
  • Breathing difficulty, chest pain, fainting, confusion, severe weakness, major injury, or severe dehydration
Doctor / service to discuss: Qualified healthcare provider; specialist depends on symptoms and examination.
  1. Step 1

    Check danger signs first

    If danger signs are present, seek emergency care and do not wait for online information.

  2. Step 2

    Record the symptom story

    Write when symptoms started, severity, medicines already taken, allergies, pregnancy status, and test results.

  3. Step 3

    Visit a qualified clinician

    A doctor, nurse, or qualified healthcare provider can examine you and decide which tests or treatment are needed.

  4. Step 4

    Do only useful tests

    Do tests after clinical assessment. Avoid unnecessary tests, random antibiotics, or repeated medicines without diagnosis.

  5. Step 5

    Follow up and return early if worse

    If symptoms worsen, new warning signs appear, or treatment is not helping, return for review quickly.

Rural patient practical tips
  • Take a written symptom diary and all previous prescriptions/test reports.
  • Do not hide medicines already taken, even herbal or over-the-counter medicines.
  • Ask which warning signs mean urgent referral to hospital.

This roadmap is for education. A real diagnosis and treatment plan requires history, examination, and clinical judgment.

Internal learning pathway

Explore related RX articles

Related guides from RX Harun are grouped to help readers move from overview to symptoms, tests, treatment, and safe next steps.

Rx iT World Hacking Tutorial
  1. Transient Blockage of the Internal Iliac Artery DefinitionThe internal iliac artery? is a crucial blood vessel in the pelvis?, responsible for supplying blood…
  2. GraphQL DefinitionGraphQL is an open source query language originally developed by Facebook that can be used to build…
  3. Forgot Password Service DefinitionIn order to implement a proper user management system, systems integrate a Forgot Password service that allows the…
  4. File upload DefinitionFile upload is becoming a more and more essential part of any application, where the user…
  5. Error Handling DefinitionError handling is a part of the overall security of an application. Except in movies, an…
  6. The .NET Framework DefinitionThe .NET Framework is Microsoft’s principal platform for enterprise development. It is the supporting API for…