IEEE

Summary of Combinatorial Methods for Dynamic Gray-Box SQL Injection Testing

Abstract: In a recent work [1], we present an extended and enhanced gray-box combinatorial security testing methodology for SQL injection vulnerabilities in web applications. It proposes novel attack ...
GitHub

Command Injection via Unescaped Argument Interpolation (CWE-78)

Most tool handlers in server.py interpolate AI-supplied parameters (target, additional_args, url, username, etc.) directly into shell command strings executed via subprocess with shell=True, without ...
IEEE

Approaches to Identifying SQL Injection Vulnerabilities

Abstract: There are now more online tools and applications and some concerns have been raised with regard to cyber threats. SQL injection enables the hacker to exploit vulnerabilities in web ...