Types of web vulnerabilities: [x] PHP code injection [x] PHP curl_exec() url is controlled by user [x] PHP invalid data type error message [x] PHP preg_replace used on user input [x] PHP unserialize() used on user input [x] Arbitrary File Deletion [x] Code Execution Hacking(LFI,RFI,Iframe Injection, Remote Code Execution) [x] Cookie Manipulation (Meta HTTP-EQUIV & CRLF Injection) [x] CRLF Injection (HTTP response splitting & Headers Injection) [x] Cross Frame Scripting ( XFS ) [x] Cross-Site Scripting ( XSS - Persistent, Non-Persistent, DOM Based) [x] Directory traversal including shell uploading [x] Microsoft Office possible sensitive information [x] Possible internal IP address disclosure [x] Possible server path disclosure (Unix and Windows) [x] Possible username or password disclosure [x] Sensitive data not encrypted [x] Source code disclosure [x] Cross-Site Request Forgery (CSRF) [x] Email Injection [x] File Inclusion (LFI,RFI with and without null byte) [x] Full Path Disclosure [x] LDAP Injection [x] Remote XSL inclusion [x] Script source code disclosure [x] Server-Side Includes (SSI) Injection [x] Structured Query Language Injection(SQL Injection) [x] URL Redirection [x] XPath Injection vulnerability [x] EXIF [x] Buffer Overflows [x] Clickjacking [x] Dangling Pointers [x] Format String Attack [x] FTP Bounce Attack [x] Symlinking and Server Rooting [x] Blind SQL injection (timing - Boolean Based) [x] Blind SQL Injection (Blind SQL String Based and Double Query Blind Based) [x] 8.3 DOS Filename Source Code Disclosure [x] Search for Backup files [x] Cross Site Scripting in URI [x] PHP super-globals-overwrite [x] Script errors (such as the Microsoft IIS Cookie Variable Information Disclosure) [x] WebDAV (very vulnerable component of IIS servers) [x] Application error message [x] Check for common files [x] Directory Listing [x] Email address found [x] Local path disclosure [x] Possible sensitive files ~s3c10rm7
Posted on: Mon, 22 Jul 2013 12:04:04 +0000
Trending Topics
Recently Viewed Topics
© 2015