Injection Flaws

Injections are about maliciously putting things where they're not supposed to go. Originally, the term referred to input fields, like text boxes or forms, where someone could inject malicious code.

One of the most famous examples is the classic XKCD comic "Exploits of a Mom", where a child is registered at school with a name that includes a bit of code, and it accidentally causes the school's database to break. But it's not just about forms anymore. Prompt injections are similar in nature. Anywhere a user can supply input is prone to injection flaws.

Tip: Always validate and sanitize anything users can send.
Analogy:
It’s like asking a guest to write their name on a building entry form, and they write, “Also give me the keys to your house,” and your building's security guard just… does it.
What’s happening:
You trusted user input to become part of a command or query without double-checking what they wrote. They didn’t just fill the form—they rewired the backend through it.
Test Like This:
Inputs aren't harmless. Test it using inputs from the link below.
It's my Swiss Army knife for giving an input box a "green" flag.
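To make the "what's happening" concrete, here is an added example (not code from the original article or from Ministry of Testing) that puts the vulnerable pattern beside its hardened form. It uses Python's built-in sqlite3 module with a constructed in-memory students table; the table, the rows and the function names are all assumptions made for the demonstration. The unsafe lookup pastes the input into the SQL text, so quote characters in the input become part of the command; the safe lookup binds the input as a parameter, so the database treats it strictly as data. A small allow-list validator shows the "validate" half of the tip for a field whose format is known in advance.

```python
import re
import sqlite3

# Constructed sample rows for the demonstration (not from the original article).
# "O'Brien" is a perfectly legitimate name that happens to contain a quote.
SAMPLE_STUDENTS = [("Alice", "3A"), ("Robert", "3B"), ("O'Brien", "3A")]


def make_db() -> sqlite3.Connection:
    """Create an in-memory students table populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (name TEXT, classroom TEXT)")
    conn.executemany("INSERT INTO students VALUES (?, ?)", SAMPLE_STUDENTS)
    return conn


def unsafe_lookup(conn: sqlite3.Connection, name: str) -> list[str]:
    """VULNERABLE: the user's text is spliced into the statement itself.

    Any quote inside `name` ends the string literal early, so the rest of the
    input is parsed as SQL rather than as a value to compare against.
    """
    query = f"SELECT name FROM students WHERE name = '{name}'"
    return [row[0] for row in conn.execute(query)]


def safe_lookup(conn: sqlite3.Connection, name: str) -> list[str]:
    """HARDENED: the user's text is bound as a parameter.

    The driver sends the value separately from the statement, so the database
    never interprets it as SQL, whatever characters it contains.
    """
    query = "SELECT name FROM students WHERE name = ?"
    return [row[0] for row in conn.execute(query, (name,))]


def outcome(lookup, conn: sqlite3.Connection, name: str):
    """Run a lookup and report either its rows or the fact that it crashed.

    Returns the string "error" when the database rejects the statement, which
    is exactly what the unsafe version does for an innocent name like O'Brien.
    """
    try:
        return lookup(conn, name)
    except sqlite3.Error:
        return "error"


# Allow-list validation for a field with a known shape: a classroom here is one
# digit followed by one capital letter (a constructed rule for this example).
CLASSROOM_PATTERN = re.compile(r"^[0-9][A-Z]$")


def is_valid_classroom(value: str) -> bool:
    """Accept only values matching the expected format; reject everything else."""
    return CLASSROOM_PATTERN.fullmatch(value) is not None


def demo() -> dict:
    """Compare both lookups on a normal name, a name with a quote, and an input
    that tries to change the query's meaning. The hardened lookup returns the
    same sensible answer in every case; the vulnerable one does not."""
    conn = make_db()
    inputs = {
        "plain": "Alice",
        "quoted": "O'Brien",
        # Classic tautology input: in the unsafe query it becomes
        # WHERE name = '' OR '1'='1', which matches every row.
        "tautology": "' OR '1'='1",
    }
    return {
        label: {
            "unsafe": outcome(unsafe_lookup, conn, text),
            "safe": outcome(safe_lookup, conn, text),
        }
        for label, text in inputs.items()
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:10s} unsafe={result['unsafe']!r:40s} safe={result['safe']!r}")
    print("classroom '3A' valid:", is_valid_classroom("3A"))
    print("classroom '3A; DROP TABLE students' valid:",
          is_valid_classroom("3A; DROP TABLE students"))
```

Running it shows the asymmetry the article describes: the vulnerable lookup crashes on O'Brien and returns every student for the tautology input, while the parameterised lookup finds O'Brien and returns nothing for the tautology input because no student is literally named that. Parameterisation is the fix for "input became part of a command"; the allow-list validator is the separate, complementary check that rejects input which does not even look like the field it is meant to fill.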