Server-Side Template Injection (SSTI)
Server-Side Template Injection (SSTI) vulnerabilities occur when user input is embedded in a template in an unsafe manner and results in remote code execution ...
Local File Inclusion
Local file inclusion (also known as LFI) is a vulnerability that allows an attacker to include files that are already locally present on the server, i.e. /etc/passwd, which can lea...
LDAP Injection
LDAP Injection is an attack used to exploit web-based applications that construct LDAP statements based on user input. Detecting LDAP Injection: From the below image, we have been ...
Path traversal
A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference ...
CRLF Injection
A Carriage Return Line Feed (CRLF) Injection vulnerability is a type of Server-Side Injection which occurs when an attacker inserts the CRLF characters in an input field to deceive ...
Blind Command Injection
Blind Command Injection is a cyber attack that involves executing arbitrary commands on a host operating system (OS) but does not return the output from the command within...
Command Injection
Command Injection is a cyber attack that involves executing arbitrary commands on a host operating system (OS). Command injection attacks are possible when an application passes ...
Blind XML External Entity
Blind XXE vulnerabilities arise where the application is vulnerable to XXE injection but does not return the values of any defined external entities within its responses....
Reconnaissance
Recon
Privilege Escalation