Application Logic Flaws
Application Logic Flaws β methodology, techniques, and references.
Arbitrary Cookie Flags
Arbitrary Cookie Flags β methodology, techniques, and references.
Back button attack
Back button attack β methodology, techniques, and references.
Broken Authentication
Broken Authentication β methodology, techniques, and references.
BruteForce Attack
BruteForce Attack β methodology, techniques, and references.
Captcha Bypass
Captcha Bypass β methodology, techniques, and references.
Clickjacking
1 item
Command Injection
Command Injection β methodology, techniques, and references.
CORS
CORS β methodology, techniques, and references.
Credential Stuffing
Credential Stuffing β methodology, techniques, and references.
CRLF
CRLF β methodology, techniques, and references.
Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) is an attack that tricks a user into executing unwanted actions on a web application where they are authenticated. Byβ¦
Deserialization Vulnerability
1. User Input: Test serialized data from forms, APIs, or URL parameters.
Directory Traversal
Directory Traversal β methodology, techniques, and references.
Host Header Injection
Host Header Injection β methodology, techniques, and references.
IDOR
Got it! Here's a nicely formatted and easy-to-read Markdown table and cheatsheet for IDOR (Insecure Direct Object Reference) payloads, bypasses, andβ¦
Improper Error Handling
Improper Error Handling β methodology, techniques, and references.
Information Disclosure
Information Disclosure β methodology, techniques, and references.
Insecure Object Storage
Insecure Object Storage β methodology, techniques, and references.
Insufficient Security Controls
Insufficient Security Controls β methodology, techniques, and references.
Insufficient Transport Layer Protection
Insufficient Transport Layer Protection β methodology, techniques, and references.
Misconfigured HTTP Headers
Misconfigured HTTP Headers β methodology, techniques, and references.
Open File Upload
Open File Upload β methodology, techniques, and references.
Open Redirect
Open Redirect β methodology, techniques, and references.
Outdated TLS Version
Outdated TLS Version β methodology, techniques, and references.
Path Traversal
Path Traversal β methodology, techniques, and references.
Privilege Escalation
Privilege Escalation β methodology, techniques, and references.
Race Condition
Race Condition β methodology, techniques, and references.
Remote Code Execution (RCE)
This payload is designed to exploit a Remote Code Execution (RCE) vulnerability through a file upload mechanism that accepts .jpg files. The payload isβ¦
Security Header Missing
Security Header Missing β methodology, techniques, and references.
Server Misconfigurations
Server Misconfigurations β methodology, techniques, and references.
Server-Side Template Injection (SSTI)
Server-Side Template Injection (SSTI) is a type of security vulnerability that occurs when user input is insecurely embedded in server-side templates,β¦
Session Fixation
Session Fixation β methodology, techniques, and references.
SQL Injection
1 item
SSRF
SSRF β methodology, techniques, and references.
tabnabbing
tabnabbing β methodology, techniques, and references.
Unrestricted File Upload
Unrestricted File Upload β methodology, techniques, and references.
Unsecured API Endpoints
Unsecured API Endpoints β methodology, techniques, and references.
Unvalidated Redirects and Forwards
Unvalidated Redirects and Forwards β methodology, techniques, and references.
Weak Ciphers
Weak Ciphers β methodology, techniques, and references.
Web Cache Deception
Web Cache Deception β methodology, techniques, and references.
XML External Entity (XXE)
XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processingβ¦
XSS
2 items