Remote File Inclusion
Remote file inclusion (RFI) is an attack targeting vulnerabilities in web applications that dynamically reference external scripts. The perpetrator’s goal is to exploit the r...
NoSQL Injection
A NoSQL injection vulnerability is an error in a web application that uses a NoSQL database. This web application security issue lets a malicious party bypass authentication, extract...
Multi-Factor Authentication Bypass
At times, the implementation of two-factor authentication is flawed to the point where it can be bypassed entirely. If the user is first prompted to enter a pas...
Mass Assignment -> Horizontal Privilege Escalation
Software frameworks sometimes allow developers to automatically bind HTTP request parameters into program code variables or objects to make usi...
Mass Assignment -> Vertical Privilege Escalation
Software frameworks sometimes allow developers to automatically bind HTTP request parameters into program code variables or objects to make using...
JWT Authentication Bypass -> Weak Signing Key
JSON web tokens (JWTs) are a standardized format for sending cryptographically signed JSON data between systems. They can theoretically contain any...
JWT Authentication Bypass -> Unverified Signature
JSON web tokens (JWTs) are a standardized format for sending cryptographically signed JSON data between systems. They can theoretically contain...
JWT Authentication Bypass -> jku header injection
JSON web tokens (JWTs) are a standardized format for sending cryptographically signed JSON data between systems. They can theoretically contain...
JWT Authentication Bypass -> Algorithm Confusion
JSON web tokens (JWTs) are a standardized format for sending cryptographically signed JSON data between systems. They can theoretically contain ...
JWT Authentication Bypass -> None Algorithm
JSON web tokens (JWTs) are a standardized format for sending cryptographically signed JSON data between systems. They can theoretically contain any k...