SQL Injection: occurs when untrusted data is used to construct dynamic SQL statements, typically by string concatenation, so that the attacker's input is parsed as part of the query rather than treated as a value. Consider the following example:
Dynamic SQL Concatenation:

    public void doGet(HttpServletRequest request, HttpServletResponse response) {
        try {
            // Retrieve the "username" parameter from the GET request
            String userName = request.getParameter("username");
            // Perform an SQL query for the roles associated with the given "username".
            // Vulnerable: the untrusted value is concatenated straight into the SQL text.
            // (doQuery is a helper of this application; its body is not shown here.)
            String result = doQuery("SELECT roles FROM userroles WHERE username = '" + userName + "'");
            response.getOutputStream().print(result);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
If an attacker supplies the value ' or '1'='1 as the username, the query that reaches the database reads:
SELECT roles FROM userroles WHERE username = '' or '1'='1'
Because '1'='1' is always true, the WHERE clause matches every row, so the query returns the roles of every user instead of the one that was asked for. SQL injection takes several forms (for example blind SQL injection, where the attacker infers results from the application's behaviour or timing rather than from data echoed back), but they all share the same root cause: user-controllable data is used to build the SQL statement itself.
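The following is an added example, not code from the original page. It reproduces the servlet's concatenated query in Python against an in-memory SQLite table (the userroles rows are constructed sample data), runs the payload from the text through it, and places the parameterized form next to it so the difference is visible on the same input.

```python
import sqlite3

# Constructed sample data for this example (not from the original page).
SAMPLE_ROWS = [("alice", "admin"), ("bob", "user"), ("carol", "auditor")]

# The same payload the text walks through.
PAYLOAD = "' or '1'='1"


def make_db():
    """Build an in-memory userroles table matching the page's query."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE userroles (username TEXT NOT NULL, roles TEXT NOT NULL)")
    conn.executemany("INSERT INTO userroles VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def roles_concat(conn, username):
    """Vulnerable: mirrors the servlet's string concatenation, so the
    attacker's text becomes part of the SQL grammar."""
    sql = "SELECT roles FROM userroles WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def roles_param(conn, username):
    """Hardened: the value is bound as a parameter. The driver sends it
    as data, so quotes and keywords inside it are never parsed as SQL."""
    sql = "SELECT roles FROM userroles WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def compare(username):
    """Run the same input through both versions and return both results."""
    conn = make_db()
    try:
        return {
            "concat": roles_concat(conn, username),
            "param": roles_param(conn, username),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    print("legitimate lookup:", compare("bob"))
    print("injected payload :", compare(PAYLOAD))
```

For a legitimate username both functions return the same single row. For the payload, the concatenated version returns all three roles, while the parameterized version returns nothing, because there is no user literally named ' or '1'='1. Prepared statements (PreparedStatement in JDBC) are the equivalent fix for the Java servlet above.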
Cross-site Scripting: occurs when the application uses untrusted data to build HTML that is sent back to the browser without output encoding. An attacker can use this to inject script that runs in the victim's browser in the context of the vulnerable site, which lets the attacker read what that page can read (such as session identifiers) and act as the user within the application.
Consider the following example:

    <html>
      <head>
        <title>Reflected Cross-site Scripting Example</title>
      </head>
      <body>
        <div>The following error occurred:</div>
        <%-- Vulnerable: the "msg" parameter is written into the page without output encoding --%>
        <div><%=request.getParameter("msg")%></div>
      </body>
    </html>
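As an added example (not part of the original page), the JSP above is rendered with a Python stand-in template so that the effect of echoing msg with and without HTML encoding can be checked with a parser. The payloads are constructed for the example; html.escape is used as the encoder for the element-body context the page writes into.

```python
import html
from html.parser import HTMLParser

# Python stand-in for the JSP page above; {msg} is where
# request.getParameter("msg") is written into the document.
PAGE = """<html>
  <head><title>Reflected Cross-site Scripting Example</title></head>
  <body>
    <div>The following error occurred:</div>
    <div>{msg}</div>
  </body>
</html>"""


def render_raw(msg):
    """Vulnerable: the parameter is written into the HTML untouched,
    exactly as <%= request.getParameter("msg") %> does."""
    return PAGE.format(msg=msg)


def render_escaped(msg):
    """Hardened for this (HTML element body) context: <, >, &, " and '
    are turned into entities, so the browser treats the value as text."""
    return PAGE.format(msg=html.escape(msg, quote=True))


class MarkupAudit(HTMLParser):
    """Collects the elements and inline event-handler attributes a browser
    would see, so we can tell whether injected text became markup."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for name, value in attrs:
            if name.lower().startswith("on"):
                self.handlers.append((tag, name, value))


def audit(page):
    parser = MarkupAudit()
    parser.feed(page)
    parser.close()
    return parser


def injects_script(page):
    """True if the rendered page contains a <script> element or an
    inline event handler; the template itself has neither."""
    result = audit(page)
    return "script" in result.tags or bool(result.handlers)


if __name__ == "__main__":
    for payload in ["<script>alert(document.cookie)</script>",
                    '<img src=x onerror="alert(1)">']:
        print(payload,
              "| raw:", injects_script(render_raw(payload)),
              "| escaped:", injects_script(render_escaped(payload)))
```

Both payloads turn into executable markup in the raw rendering and stay inert text in the escaped one. The encoding must match the context the value lands in: entity encoding is correct for element content and quoted attributes, but a value written inside a script block or a URL needs that context's encoding instead. In JSP, <c:out> applies this encoding by default where the <%= %> expression does not.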
- Parameter Tampering:
- Command Injection:
- Cross-site Request Forgery:
- Weak Authentication:
- Weak Authorization:
- Insecure File Upload:
- Unvalidated Redirects: