-
Notifications
You must be signed in to change notification settings - Fork 214
SQL Injection
Sam Sanoop edited this page Jun 6, 2020
·
3 revisions
SQL injection is a vulnerability which allows an attacker to modify queries that an application makes to its database via user input. This could be abused to view, modify, or delete application data which wasn't previously possible, or causing persistent changes to the application's content or behaviour.
- XML External Entity Injection
- Server Side Request Forgery (SSRF)
- Username Enumeration
- NoSQL Injection
- Insecure Direct Object Reference
- Mass Assignment
- Cross Site Scripting (XSS)
- Hidden API Functionality Exposure
- SQL Injection
- Information Disclosure
- Insecure PostMessage Configuration
- Command Injection
- Prototype Pollution
- JSON Hijacking
- XPath Injection
- Cross Origin Resource-Sharing Misonfiguration
- JWT Secret Key Brute Force
- Vertical Access Control
- Horizontal Access Control
- Open Redirect
- Path Traversal
- Unsafe Deserialization
- Sensitive Data Exposure
- Arbitrary File Write
- Introspection Enabled
- GraphQL Access Control Issues
- GraphQL Batching Brute Force
- API Endpoint Brute Forcing
- CRLF Injection
- XML Injection
- XML Bomb Denial‐of‐Service
- SOAP Injection
- JSON CSRF
- LDAP Injection
- Rate Limit Bypass
- Client Side Template Injection