Pnig0s1992 P.S.: Just follow this to learn Web Attack.
This list is not full; if there is some attack I missed, please post in the thread.
This list below fits in category Parameter manipulation
- Arbitrary File Deletion
- Code Execution
- Cookie Manipulation ( meta http-equiv & crlf injection )
- CRLF Injection ( HTTP response splitting )
- Cross Frame Scripting ( XFS )
- Cross-Site Scripting ( XSS )
- Directory traversal
- Email Injection
- File inclusion
- Full path disclosure
- LDAP Injection
- PHP code injection
- PHP curl_exec() url is controlled by user
- PHP invalid data type error message
- PHP preg_replace used on user input
- PHP unserialize() used on user input
- Remote XSL inclusion
- Script source code disclosure
- Server-Side Includes (SSI) Injection
- SQL injection
- URL redirection
- XPath Injection vulnerability
- EXIF
This list below fits in category MultiRequest parameter manipulation
- Blind SQL injection (timing)
- Blind SQL/XPath injection (many types)
This list below fits in category File checks
- 8.3 DOS filename source code disclosure
- Search for Backup files
- Cross Site Scripting in URI
- PHP super-globals-overwrite
- Script errors ( such as the Microsoft IIS Cookie Variable Information Disclosure )
This list below fits in category Directory checks
- Cross Site Scripting in path
- Cross Site Scripting in Referer
- Directory permissions ( mostly for IIS )
- HTTP Verb Tampering ( HTTP Verb POST & HTTP Verb WVS )
- Possible sensitive files
- Session fixation ( jsessionid & PHPSESSID session fixation )
- Vulnerabilities ( e.g. Apache Tomcat Directory Traversal, ASP.NET error message etc )
- WebDAV ( very vulnerable component of IIS servers )
This list below fits in category Text Search Disclosure
- Application error message
- Check for common files
- Directory Listing
- Email address found
- Local path disclosure
- Possible sensitive files
- Microsoft Office possible sensitive information
- Possible internal IP address disclosure
- Possible server path disclosure ( Unix and Windows )
- Possible username or password disclosure
- Sensitive data not encrypted
- Source code disclosure
- Trojan shell ( r57,c99,crystal shell etc )
- ( IF ANY ) WordPress database credentials disclosure
This list below fits in category File Uploads
- Unrestricted File Upload
This list below fits in category Authentication
- Microsoft IIS WebDAV Authentication Bypass
- SQL injection in the authentication header
- Weak Password
- GHDB - Google hacking database ( using dorks to find what Google crawlers have found, like passwords etc )
This list below fits in category Web Services - Parameter manipulation & with multirequest
- Application Error Message ( testing with empty, NULL, negative, big hex etc )
- Code Execution
- SQL Injection
- XPath Injection
- Blind SQL/XPath injection ( test for numeric,string,number inputs etc )
- Stored Cross-Site Scripting ( XSS )
- Cross-Site Request Forgery ( CSRF )
This article is reposted from hackfreer's 51CTO blog; original link: http://blog.51cto.com/pnig0s1992/500382. To republish it, please contact the original author yourself.