SQL injection (SQLi) is a cyberattack that injects malicious SQL code into an application, allowing the attacker to view or modify a database.

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action...

A couple of days ago, I was browsing Zone-H for checking Malaysian Website Defacecment activity, and I see that some Malaysian websites have been successfully hacked by

CVE-2018-13379 is a pre-authentication vulnerability that allows a threat actor to read arbitrary files by sending specially crafted HTTP requests to FortiOS devices.

The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker.

As mentioned above, the site is a Mail Server for Cyber Security Malaysia, and I was able to access into the web (Public), which leads to injection vulnerabilities..