Pentesting notes

Injection Attacks

This module covers less common but impactful injection vulnerabilities beyond the usual SQLi, Command Injection, and XSS.

Table of Contents

  • Introduction to Injection Attacks

  • XPath Injection

    • Introduction

    • Authentication Bypass

    • Data Exfiltration

    • Advanced Data Exfiltration

    • Blind Exploitation

    • Prevention & Tools

  • LDAP Injection

    • Introduction

    • Authentication Bypass

    • Data Exfiltration & Blind Exploitation

    • Prevention

  • HTML Injection in PDF Generators

    • Introduction

    • Exploitation

    • Prevention

  • NoSQL Injection

    • Introduction

    • Bypassing Authentication

    • In-Band Data Extraction

    • Blind Data Extraction

    • Automating Blind Extraction

    • Server-Side JavaScript Injection

  • Skills Assessment (TBD)


Last updated 9 days ago