Learn with me :)

    What is Formula injection? 📌Formula injection, also known as CSV Injection occurs when the application export dynamically constructed spreadsheet documents (example .csv or .xls ) which may contain untrusted user-supplied data. 📌Upon opening the exported document, recipient's spreadsheet program can interpret those untrusted data/inputs as formulas and execute them on the recipient's system. 📌The attacker usually injects a malicious payload or formula into the input field. Once the data is exported and the file is opened, the spreadsheet application interprets and executes the malicious input on the assumption of a standard macro. H ow does it happen?    A spreadsheet program such as Microsoft Excel or Libre Office Calc etc. provides various in-built functions and formulas that can be used to perform other data analysis.  In the case of formula injection, any cells starting with special characters, eg, " = ", " + ", " - ", or " @ ...

  What is SQL injection? ✔ SQL injection is a code injection technique that uses malicious SQL code to access information/data that was not intended to be displayed. It can be used to obtain unauthorized access to the underlying data, structure, and DBMS.  ✔ SQL Injection attacks are one of the oldest, most prevalent, and most dangerous web application vulnerabilities. The OWASP organization lists injections in their OWASP Top 10 2017 document as the number 1 threat to web application security.  ✔ SQL injection vulnerability occurs when the application sends user input to the interpreter without sanitizing it and user input can be used to query database. SQL queries are used to execute commands, such as data retrieval, updates, and record removal. Types Of SQL Injection Attacks : SQL Injection can be classified into three major categories In-band SQL Injection Inferential SQL Injection Out-of-band SQL Injection 1) In-band SQL Injections When the attacker uses the same c...