Concatenate input into your DB queries and you'll be vulnerable to this.
SQL Injection
aHR0cHM6Ly8=
Base64
CSRF
Cross-site Request Forgery
1 1/2 oz - Silver tequila
1 oz - Triple Sec
3/4 oz - Freshly-squeezed lime juice
Margarita
<?=`$_GET[0]`?>
PHP
../../../../../../home/sandersc/recipe.txt
Directory Traversal
%6c%65%6d%6f%6e
URL
CSTI
Client Side Template Injection
1 1/2 oz - Bourbon or Rye
1 cube - Sugar
2 dashes - Angostura bitters
Old Fashioned
os.system(request.args.get('cmd'))
Python (Flask)
Make this server touch that server by giving a URL as input.
SSRF
party
HTML Entities
STRIDE
Spoofing
Tampering
Repudiation
Information Disclosure
Denial of Service
Elevation of Privilege
2 1/2 oz - Gin
3/4 oz - Simple syrup
3/4 oz - Lime juice
Gimlet
EXEC xp_cmdshell '<cmd>';
MS SQL Server
This type of XSS attack doesn't even need to touch the server.
DOM-based XSS
FZRW63JPEBUXGIDBEA======
Base32
SHA
Secure Hash Algorithms
1 1/2 oz - Gin
3/4 oz - Freshly squeezed lemon juice
3/4 oz - Simple syrup
Club soda to top off
Tom Collins
It can be broken horizontally or vertically.
Authorization (Access Control)
CIA=20Honeypot=21
Quoted-Printable
ASCII
American Standard Code for Information Interchange
3/4 oz - Bourbon
3/4 oz - Aperol
3/4 oz - Amaro Nonino
3/4 oz - Lemon juice
Paper Plane
COPY (SELECT '') TO PROGRAM '<cmd>';
Postgres