URL injection is a technique in which an intruder manipulates the URL to reach a certain file or directory that is supposed to be unaccessible. It can also mean that an attacker creates a URL within a domain to lure or redirect visitors which then transfers them to a completely different website or installs a file or application by infecting the injected URL. Typically this is possible because the website is not securely configurated (access to directories and files) and/or does not sufficiently validate URL-input by visitors. URL injection is often used to perform directory Traversal attacks or even SQL injection.