IEEE

Summary of Combinatorial Methods for Dynamic Gray-Box SQL Injection Testing

Abstract: In a recent work [1], we present an extended and enhanced gray-box combinatorial security testing methodology for SQL injection vulnerabilities in web applications. It proposes novel attack ...
GitHub

Command Injection via Unescaped Argument Interpolation (CWE-78)

Most tool handlers in server.py interpolate AI-supplied parameters (target, additional_args, url, username, etc.) directly into shell command strings executed via subprocess with shell=True, without ...