Etiqueta: Practitioner

Low-level logic flaw

Visible error-based SQL injection

CSRF where token validation depends on token being present

SQL injection attack, listing the database contents on Oracle

SQL injection attack, listing the database contents on non-Oracle databases

SQL injection attack, querying the database type and version on MySQL and Microsoft

SQL injection attack, querying the database type and version on Oracle

Exploiting XSS to bypass CSRF defenses

Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded and single quotes escaped

Reflected XSS into a JavaScript string with single quote and backslash escaped