Insecure Deserialization
Insecure deserialization is when user-controllable data is deserialized by a website. This potentially enables an attacker to manipulate serialized objects in order to pas...
HTML Injection
HTML Injection is an attack that is similar to Cross-site Scripting (XSS). While in the XSS vulnerability the attacker can inject and execute JavaScript code, the HTML injection att...
Host Header Injection -> Password Reset Poisoning
Password reset poisoning is a technique whereby an attacker manipulates a vulnerable website into generating a password reset link pointing to ...
Host Header Injection -> Authentication Bypass
Host header injection exploits vulnerable websites that handle the value of the Host header in an unsafe way. If the server implicitly trusts the H...
Directory Bruteforce
Directory Bruteforce Exploitation
Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. ...
Cross-Origin Resource Sharing
Cross-origin resource sharing (CORS) is a browser mechanism which enables controlled access to resources located outside of a given domain. It extends and adds flexib...
Code Injection
Code Injection is the general term for attack types which consist of injecting code that is then interpreted/executed by the application. Code Injection differs from Command Injecti...
Clickjacking
Clickjacking is an interface-based attack in which a user is tricked into clicking on actionable content on a hidden website by clicking on some other content in a decoy website Expl...
Captcha Bypass -> Missing Parameter
CAPTCHA is a type of challenge–response test used in computing to determine whether the user is human or a bot. Sometimes, a web application fails to validate ...