Tag: injection
HTTP Response Splitting PHP 5.0+
Injecting CRLF sequences into HTTP headers causes the server to emit two separate responses, enabling cache poisoning and XSS.
CWE-113 OWASP A3:2021
2mo ago
security advanced
6.1
Insecure Deserialization PHP 5.0+
Untrusted data passed to unserialize() can trigger PHP magic methods and lead to remote code execution.
CWE-502 OWASP A8:2021
2mo ago
security advanced
9.8
LDAP Injection PHP 5.6+
Unsanitised input manipulates LDAP query filters, bypassing authentication or exposing directory data.
CWE-90 OWASP A3:2021
2mo ago
security intermediate
7.5
Local File Inclusion (LFI) PHP 5.0+
A PHP include/require driven by user input that can load arbitrary local files, sometimes leading to code execution.
CWE-98 OWASP A3:2021
2mo ago
security intermediate
7.5
Log Injection PHP 5.0+
Writing unsanitised user input into log files allows attackers to forge log entries or inject control characters.
CWE-117 OWASP A9:2021
2mo ago
security intermediate
5.3
Null Byte Injection PHP 5.0+
Inserting a %00 null byte into a filename or string can truncate it at the C layer, bypassing extension checks.
CWE-626 OWASP A3:2021
2mo ago
security intermediate
7.5
User input used in a file path allows attackers to navigate outside the intended directory using ../ sequences.
CWE-22 OWASP A3:2021
2mo ago
security intermediate
7.5
PHAR Deserialization Attack PHP 5.0+
PHP's phar:// stream wrapper triggers deserialization of PHAR metadata on any file operation, enabling PHP object injection without unserialize().
CWE-502 OWASP A8:2021
2mo ago
security advanced
9.8
Prototype Pollution ES5
An attacker injects properties into JavaScript's Object.prototype, affecting all objects in the application.
CWE-1321 OWASP A3:2021
2mo ago
security advanced
8.1
Remote File Inclusion (RFI) PHP 5.0+
An attacker tricks include() or require() into loading a PHP file from an attacker-controlled remote URL, achieving code execution.
CWE-98 OWASP A3:2021
2mo ago
security intermediate
9.8
Second-Order SQL Injection PHP 5.0+
Malicious data is safely stored in the database but later retrieved and used unsafely in a subsequent SQL query.
CWE-89 OWASP A3:2021
2mo ago
security advanced
8.8
The server is tricked into making HTTP requests to internal or unintended destinations on behalf of the attacker.
CWE-918 OWASP A10:2021
2mo ago
security advanced
8.6
Server-Side Template Injection (SSTI) PHP 5.0+
User input is embedded directly into a server-side template, allowing arbitrary code execution on the server.
CWE-1336 OWASP A3:2021
2mo ago
security advanced
9.8
Unicode Normalisation Attack PHP 5.3+
Exploiting differences in Unicode normalisation forms to bypass input filters — two visually identical strings that differ at the byte level.
CWE-176 OWASP A3:2021
2mo ago
security advanced
5.3
XML External Entity (XXE) PHP 5.0+
A vulnerable XML parser processes external entity references, letting attackers read local files or trigger SSRF.
CWE-611 OWASP A5:2021
2mo ago
security advanced
8.2
XML Injection PHP 5.0+
Unsanitised user input injected into XML documents alters their structure, potentially corrupting data or enabling further attacks.
CWE-91 OWASP A3:2021
2mo ago
security intermediate
7.5
XPath Injection PHP 5.0+
Unsanitised input manipulates XPath queries against XML documents, enabling data extraction or authentication bypass.
CWE-643 OWASP A3:2021
2mo ago
security intermediate
7.5
Zip Slip PHP 5.0+
A path traversal attack via crafted archive filenames (e.g. ../../evil.php) that escape the extraction directory during unzip.
CWE-22 OWASP A1:2021
2mo ago
security intermediate
8.1
User-supplied content rendered in the browser without escaping, allowing script injection into other users' sessions.
CWE-79 OWASP A3:2021
2mo ago
security intermediate
6.1
Unsanitised user input inserted directly into a SQL query, letting attackers read, modify, or delete database data.
CWE-89 OWASP A3:2021
2mo ago
security intermediate
9.8