MANY

Web_Security/README.md

@@ -477,6 +477,7 @@ GIF89a(...binary data...)
 <?php phpinfo();  ?> (...
 ```
 
+
 ### Identifying File Handling Bugs
 
 * Fuzz and grep response for file system related messages:
@@ -493,6 +494,24 @@ qr / ((could not|cannot|unable to) (open|find|access|read)|(path|file) not found
 ```
 
 
+###  Meta-character Injection Bugs
+
+* File Input/Output is a common place where meta-character injection comes into play.
+
+* For example if file ="../../../../../etc/passwd" below:
+
+```
+$file = $_GET['file'];
+$fd = fopen("/var/www/$file");
+```
+* Even if it had a txt extension it wouldn't matter. The reason is that PHP strings are indiferent to NLL byte, so all  the attacker needs to insert is "../../../../../etc/passwd%00":
+
+```
+$file = $_GET['file'];
+$fd = fopen("/var/www/$file.txt");
+```
+* PHP NULL byte insertion and directory traversal are common.
+
 
 ---
 

Web_Security/SQLi/README.md

@@ -2,9 +2,18 @@
 
 ![](http://i.imgur.com/AcVJKT2.png)
 
+* SQL works by building query statements, these statements are intended to be readbale and intuitive.
+
+
 * A SQL query  search can be easily manipulated and assume that a SQL query search is a reliable command. This means  that SQL searches are capable of passing, unnoticed, by access control mechanisms. 
 * Using methods of diverting standard authentication and by checking the authorization credentials, you can gain access to important information stored in a database. 
 
+* Exploitation:
+	- Dumping contents from the database.
+	- Inserting new data.
+	- Modifying existing data.
+	- Writing to disk.
+
 ## The Simplest Example
 
 A parameter passed for a name of a user: