48 docs tagged with "Web Application Pentesting"

Unlike first-order SQLi, the injection doesn’t happen right away — it’s triggered in a separate step, often in a different part of the application.

Application Logic Flaws — methodology, techniques, and references.

This repository hosts a professional Proof of Concept (PoC) showcasing the Clickjacking vulnerability in web applications. Clickjacking represents a…

Clickjacking, also known as a “UI redress attack”, is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a…

CORS — methodology, techniques, and references.

CRLF — methodology, techniques, and references.

Cross-Site Request Forgery (CSRF) is an attack that tricks a user into executing unwanted actions on a web application where they are authenticated. By…

1. User Input: Test serialized data from forms, APIs, or URL parameters.

Directory Traversal — methodology, techniques, and references.

DOM-based XSS occurs when the vulnerability is in the JavaScript code running in the browser, rather than in the server-side response. The malicious…

Got it! Here's a nicely formatted and easy-to-read Markdown table and cheatsheet for IDOR (Insecure Direct Object Reference) payloads, bypasses, and…

Arbitrary Cookie Flags — methodology, techniques, and references.

Back button attack — methodology, techniques, and references.

Broken Authentication — methodology, techniques, and references.

BruteForce Attack — methodology, techniques, and references.

Captcha Bypass — methodology, techniques, and references.

Command Injection — methodology, techniques, and references.

Credential Stuffing — methodology, techniques, and references.

Host Header Injection — methodology, techniques, and references.

Improper Error Handling — methodology, techniques, and references.

Information Disclosure — methodology, techniques, and references.

Insecure Object Storage — methodology, techniques, and references.

Insufficient Security Controls — methodology, techniques, and references.

Insufficient Transport Layer Protection — methodology, techniques, and references.

Misconfigured HTTP Headers — methodology, techniques, and references.

Open Redirect — methodology, techniques, and references.

Outdated TLS Version — methodology, techniques, and references.

Path Traversal — methodology, techniques, and references.

Privilege Escalation — methodology, techniques, and references.

Race Condition — methodology, techniques, and references.

This payload is designed to exploit a Remote Code Execution (RCE) vulnerability through a file upload mechanism that accepts .jpg files. The payload is…

Security Header Missing — methodology, techniques, and references.

Server Misconfigurations — methodology, techniques, and references.

Session Fixation — methodology, techniques, and references.

tabnabbing — methodology, techniques, and references.

Unrestricted File Upload — methodology, techniques, and references.

Unsecured API Endpoints — methodology, techniques, and references.

Unvalidated Redirects and Forwards — methodology, techniques, and references.

Weak Ciphers — methodology, techniques, and references.

Web Cache Deception — methodology, techniques, and references.

Open File Upload — methodology, techniques, and references.

Server-Side Template Injection (SSTI) is a type of security vulnerability that occurs when user input is insecurely embedded in server-side templates,…

The impact of a successful SQL Injection attack can be severe, affecting the integrity, confidentiality, and availability of data. Some of the most…

SSRF — methodology, techniques, and references.

Welcome to the Web Application Penetration Testing repository. You will get help with OWASP standard references, as well as common test cases that get…

XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing…

Bypassing WAF (Web Application Firewall) in XSS (Cross-Site Scripting) attacks relies on exploiting various techniques and methods to bypass the…

XSS is exploited when the attacker can successfully execute any type of script (for example, JavaScript) on the victim's browser. These types of flaws…