- * Arbitrary File Deletion
- * Code Execution
- * Cookie Manipulation ( meta http-equiv & crlf injection )
- * CRLF Injection ( HTTP response splitting )
- * Cross Frame Scripting ( XFS )
- * Cross-Site Scripting ( XSS )
- * Directory traversal
- * Email Injection
- * File inclusion
- * Full path disclosure
- * LDAP Injection
- * PHP code injection
- * PHP curl_exec() url is controlled by user
- * PHP invalid data type error message
- * PHP preg_replace used on user input
- * PHP unserialize() used on user input
- * Remote XSL inclusion
- * Script source code disclosure
- * Server-Side Includes (SSI) Injection
- * SQL injection
- * URL redirection
- * XPath Injection vulnerability
- * EXIF
- This list below fits in category MultiRequest parameter manipulation
- * Blind SQL injection (timing)
- * Blind SQL/XPath injection (many types)
- This list below fits in category File checks
- * 8.3 DOS filename source code disclosure
- * Search for Backup files
- * Cross Site Scripting in URI
- * PHP super-globals-overwrite
- * Script errors ( such as the Microsoft IIS Cookie Variable Information Disclosure )
- This list below fits in category Directory checks
- * Cross Site Scripting in path
- * Cross Site Scripting in Referer
- * Directory permissions ( mostly for IIS )
- * HTTP Verb Tampering ( HTTP Verb POST & HTTP Verb WVS )
- * Possible sensitive files
- * Session fixation ( jsessionid & PHPSESSID session fixation )
- * Vulnerabilities ( e.g. Apache Tomcat Directory Traversal, ASP.NET error message etc )
- * WebDAV ( very vulnerable component of IIS servers )
- This list below fits in category Text Search Disclosure
- * Application error message
- * Check for common files
- * Directory Listing
- * Email address found
- * Local path disclosure
- * Possible sensitive files
- * Microsoft Office possible sensitive information
- * Possible internal IP address disclosure
- * Possible server path disclosure ( Unix and Windows )
- * Possible username or password disclosure
- * Sensitive data not encrypted
- * Source code disclosure
- * Trojan shell ( r57,c99,crystal shell etc )
- * ( IF ANY ) WordPress database credentials disclosure
- This list below fits in category File Uploads
- * Unrestricted File Upload
- This list below fits in category Authentication
- * Microsoft IIS WebDAV Authentication Bypass
- * SQL injection in the authentication header
- * Weak Password
- * GHDB - Google Hacking Database ( using dorks to find what Google crawlers have found, like passwords etc )
- This list below fits in category Web Services - Parameter manipulation & with multirequest
- * Application Error Message ( testing with empty, NULL, negative, big hex etc )
- * Code Execution
- * SQL Injection
- * XPath Injection
- * Blind SQL/XPath injection ( test for numeric,string,number inputs etc )
- * Stored Cross-Site Scripting ( XSS )
- * Cross-Site Request Forgery ( CSRF )
All Web Application Attack Techniques