With nearly every embedded device and enterprise management solution serving up a web console for management, we are faced with the question (does that web service properly filter incoming data?). Unfortunately, the answer to that question is No. My research has shown that simple name data is often overlooked. This includes, SSIDs, SNMP sysDesc and Hostnames, just to name a few, which are consumed by the applications and embedded devices without proper filtering. Over the last 4 years I have researched this issue, and discovered that nearly 50% of products tested were vulnerable to injection attacks via this vector. During this presentation I will be discussing these various injection vectors, and the attacks that I have successfully developed against targeted systems using these exploits.