
An injection attack occurs when untrusted data is sent to a code interpreter through a form input or some other data submission to a web application.

An attacker can exploit injection flaws by constructing malicious commands or queries that result in data loss, corruption, etc.

For example, an attacker could enter SQL database code into a form that expects a
plaintext username. If that form input is not properly secured, this would result in
that SQL code being executed.

Different types of Injection


1) SQL Injection
2) LDAP Injection
3) Command Injection
4) File Injection
5) Shell Injection

Steps to reproduce:-
1)
2)
3)

The POC is attached.

By exploiting injection we can achieve


1) Login bypass
2) Information Disclosure
3) Privilege Escalation
4) Information Alteration

Prevention :-

Validate and/or sanitize user-submitted data, allowing only whitelisted characters.
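
The SQL-in-a-username-field case and the allowlist check described above, as an added example that is not part of the original page. The table, the account, the allowlist pattern and the function names are assumptions made for illustration; the hardened version also binds values as query parameters, which goes beyond the validation step the page names.

```python
import re
import sqlite3

# Allowlist for usernames (assumed policy): letters, digits, "_", ".", "-", 1-32 chars.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def make_db():
    """Build an in-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    # Plaintext password only to keep the example short.
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db


def login_vulnerable(db, username, password):
    """Builds the query by string concatenation, so form input becomes SQL code."""
    query = ("SELECT name FROM users WHERE name = '" + username +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None


def login_hardened(db, username, password):
    """Rejects usernames outside the allowlist, then binds values as parameters."""
    if not USERNAME_RE.fullmatch(username):
        return False
    row = db.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


# Constructed form input: the quote closes the string literal and "--" turns
# the password check into a SQL comment.
CRAFTED_USERNAME = "alice' --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, crafted input:", login_vulnerable(db, CRAFTED_USERNAME, "wrong"))
    print("hardened, crafted input:  ", login_hardened(db, CRAFTED_USERNAME, "wrong"))
    print("hardened, valid login:    ", login_hardened(db, "alice", "s3cret"))
```

The allowlist rejects the quote character before the query is built, and the bound parameters ensure that input is treated as data even if the allowlist is later loosened.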
