Injection attacks occur when untrusted data is sent to an interpreter as part of a command or query. APIs are vulnerable to SQL injection, NoSQL injection, command injection, and GraphQL injection.
// Normal login request body
{"username": "alice", "password": "secret"}
// NoSQL injection payload
{"username": {"$gt": ""}, "password": {"$gt": ""}}
// MongoDB interprets $gt as 'greater than empty string' = always true

GraphQL APIs can be vulnerable to batching attacks, introspection abuse, and injection through unsanitized query variables.
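
The NoSQL login payload shown above only works when the API passes the parsed JSON object straight into the query filter. As an added example (not code from the original page), this JavaScript check rejects non-string credentials and `$`-prefixed keys before any query is built; the function names and the 256-character limit are assumptions.

```javascript
// Added example: strict type checks on a login body before it reaches a MongoDB filter.
// findOperatorKeys and checkLoginBody are hypothetical helper names.
function findOperatorKeys(value, path = "") {
  if (value === null || typeof value !== "object") return [];
  const hits = [];
  for (const [key, child] of Object.entries(value)) {
    const here = path ? `${path}/${key}` : key;
    // "$gt"-style keys are operators; dotted keys address nested fields
    if (key.startsWith("$") || key.includes(".")) hits.push(here);
    hits.push(...findOperatorKeys(child, here));
  }
  return hits;
}

// Accept only plain string credentials and return a filter with an explicit $eq.
function checkLoginBody(body) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { ok: false, errors: ["body must be a JSON object"] };
  }
  const errors = [];
  for (const field of ["username", "password"]) {
    const v = body[field];
    if (typeof v !== "string") {
      errors.push(`${field}: expected string, got ${Array.isArray(v) ? "array" : typeof v}`);
    } else if (v.length === 0 || v.length > 256) { // 256 is an assumed limit
      errors.push(`${field}: length out of range`);
    }
  }
  for (const key of findOperatorKeys(body)) errors.push(`operator key rejected: ${key}`);
  if (errors.length) return { ok: false, errors };
  // Assumption: the password is checked against a stored hash, not placed in the filter
  return { ok: true, filter: { username: { $eq: body.username } } };
}

// The two request bodies from the text above, parsed as the API would receive them.
const normalBody = JSON.parse('{"username": "alice", "password": "secret"}');
const injectedBody = JSON.parse('{"username": {"$gt": ""}, "password": {"$gt": ""}}');
console.log(checkLoginBody(normalBody));
console.log(checkLoginBody(injectedBody));
```

Logging the returned `errors` array for rejected bodies gives a detection signal for operator-injection attempts against the login endpoint.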