Complete list of website-related vulnerabilities
Arbitrary File Deletion
Code Execution
Cookie Manipulation (meta http-equiv & CRLF injection)
CRLF Injection (HTTP response splitting)
Cross Frame Scripting (XFS)
Cross-Site Scripting (XSS)
Directory traversal
Email Injection
File inclusion
Full path disclosure
LDAP Injection
PHP code injection
PHP curl_exec() url is controlled by user
PHP invalid data type error message
PHP preg_replace used on user input
PHP unserialize() used on user input
Remote XSL inclusion
Script source code disclosure
Server-Side Includes (SSI) Injection
SQL injection
URL redirection
XPath Injection vulnerability
EXIF
Blind SQL injection (timing)
Blind SQL/XPath injection (many types)
8.3 DOS filename source code disclosure
Search for Backup files
Cross Site Scripting in URI
PHP super-globals-overwrite
Script errors such as the Microsoft IIS Cookie Variable Information Disclosure
Attacks known as dictionary attacks
Cross Site Scripting in path
Cross Site Scripting in Referer
Directory permissions (mostly for IIS)
HTTP Verb Tampering (HTTP Verb POST & HTTP Verb WVS)
Possible sensitive files
Session fixation (jsessionid & PHPSESSID session fixation)
Vulnerabilities (e.g. Apache Tomcat Directory Traversal, ASP.NET error message etc.)
WebDAV (very vulnerable component of IIS servers)
Search disclosure attacks
Application error message
Check for common files
Directory Listing
Email address found
Local path disclosure
Possible sensitive files
Microsoft Office possible sensitive information
Possible internal IP address disclosure
Possible server path disclosure (Unix and Windows)
Possible username or password disclosure
Sensitive data not encrypted
Source code disclosure
Trojan shell (r57, c99, crystal shell etc.)
WordPress database credentials disclosure (if any)
File upload
Unrestricted File Upload
Common attacks
Microsoft IIS WebDAV Authentication Bypass
SQL injection in the authentication header
Weak Password
GHDB – Google hacking database (using dorks to find what Google crawlers have found, like passwords etc.)
Web and server attacks
Application Error Message (testing with empty, NULL, negative, big hex etc.)
Code Execution
SQL Injection
XPath Injection
Blind SQL/XPath injection (test for numeric, string, number inputs etc.)
Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
Wishing you success
https://t.me/tem_ALFA