Injection
SQL Injection: Attackers inject SQL commands into queries to manipulate databases
NoSQL Injection: Similar to SQL Injection, but targets NoSQL databases like MongoDB, allowing attackers to modify or access unauthorized data
OS Command Injection: Malicious commands are injected into an operating system-level call, giving attackers control over the server
LDAP Injection: Attackers manipulate LDAP queries to modify or extract information from directory services, such as user credentials
ORM Injection: Object-Relational Mapping (ORM) frameworks used to interact with databases can be exploited to retrieve unauthorized records or execute unsafe queries
Expression Language Injection: Malicious input is executed within dynamic templates using expression languages like JSP, allowing attackers to execute unauthorized commands
OGNL Injection: OGNL (Object Graph Navigation Library) injections are used in frameworks to inject malicious expressions, typically affecting Java-based web applications