Webセキュリティ覚書 : "攻撃" 編 [ 初学者向け ] ref: https://qiita.com/Tsutou/items/4fd498f8ab2638bd5650

file0.sql

SELECT * FROM users WHERE id='$user_id' and password='$password'

file1.sql

SELECT * FROM users WHERE id='$user_id' and password='' or '1' = '1'

file10.html

http://hanzai.com?location=%0d%0d<script type=”text/javascript”>alert(“アホなの？”);</script>

file11.xml

<?xml version="1.0"?>
<str><data1>aaa</data1><data2>bbb</data2></str>

file12.xml

<?xml version="1.0"?>
<!DOCTYPE str [
<!ENTITY pass SYSTEM "/etc/password">
]>
<str><data1>&password;</data1><data2></data2></str>

file2.sql

SELECT * FROM users WHERE id= ? and password= ?  

file3.php

$sql = "SELECT * FROM users WHERE id= ? and password= ? ";

//プリペアードステートメント->実行したいSQLをコンパイルした一種のテンプレート
$sth = $dbh->prepare($sql);

//1つ目の?にバインド
$sth->bindParam(1, $user_id, PDO::PARAM_STR);

//2つ目の?にバインド
$sth->bindParam(2, $password, PDO::PARAM_INT);

//PDPStatement::excecute-> プリペアドステートメントを実行する
$sth->execute();

file4.html

<input type="text" name= 'nickname' >

file5.php

<?php echo $_POST['nickname']; ?>

file6.html

<script type=”text/javascript”>
　alert("お前はアホなのか？");
</script>

file7.erb

& => &
< => &lt;
> => &gt;
" => &quot;
' => &#39;

file8.php

function escape($str) {
    return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
}

file9.txt

106662
106664
106666
106668
106669
106675