Web Vulnerabilities WriteUps

Cross-Site Scripting (XSS)

Content Security Policy (CSP)


HTML Injection


Clickjacking (UI redressing)


Cross-Site Request Forgery (CSRF)


Cross-Origin Resource Sharing (CORS)

Same Origin Policy (SOP)


Open Redirect

  1. [Report-260744] Open Redirect and XSS on Twitter: https://dev.twitter.com/https:/%5cblackfan.ru/

  2. [Report-119236] Open Redirect on Uber: IP address to a single number
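Both reports above turn on the gap between how a server-side filter reads a redirect target and how a browser reads it: a backslash in an http(s) URL is treated as a slash by browsers, and an IPv4 address may be written as a single decimal or hex number instead of a dotted quad. The following is an added example, not code from either report or from Twitter or Uber; the filters, `ALLOWED_HOSTS`, and the sample URLs are hypothetical. It shows a filter that only refuses dotted-quad IP literals being bypassed by the integer form, next to a check that canonicalises IP literals and refuses backslashes before deciding.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Hypothetical allowlist of hosts the application is willing to redirect to.
ALLOWED_HOSTS = {"example.com"}

# Hypothetical "no redirects to bare IP addresses" filter: it only knows the
# dotted-quad spelling, so 2130706433 (127.0.0.1 as a decimal number) passes.
DOTTED_QUAD = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def naive_is_safe_redirect(url: str) -> bool:
    """Flawed check kept on purpose: denylists dotted IPs and allows everything else."""
    host = urlsplit(url).hostname or ""
    return not DOTTED_QUAD.match(host)


def ip_literal_to_dotted(host: str):
    """Return the dotted-quad form if `host` is an IPv4 literal written as
    dotted quad, plain decimal (2130706433) or hex (0x7f000001); else None.
    Browsers accept all three spellings in the authority of an http(s) URL."""
    try:
        if host.lower().startswith("0x"):
            return str(ipaddress.IPv4Address(int(host, 16)))
        if host.isdigit():
            return str(ipaddress.IPv4Address(int(host, 10)))
        return str(ipaddress.IPv4Address(host))
    except ValueError:  # AddressValueError is a ValueError subclass
        return None


def is_safe_redirect(url: str) -> bool:
    """Allowlist check that canonicalises the host before comparing it."""
    # Browsers treat '\' like '/' in special schemes, so "/\evil.example/"
    # becomes "//evil.example/"; refuse it instead of trying to normalise.
    if "\\" in url:
        return False
    parts = urlsplit(url)
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False
    host = parts.hostname
    if host is None:
        # Relative target: a single leading slash keeps it on this origin,
        # a protocol-relative "//host/..." does not.
        return parts.path.startswith("/") and not parts.path.startswith("//")
    if ip_literal_to_dotted(host) is not None:
        return False
    return host in ALLOWED_HOSTS


if __name__ == "__main__":
    for target in ("http://2130706433/", "http://0x7f000001/", "/\\evil.example/"):
        print(target, "naive:", naive_is_safe_redirect(target),
              "hardened:", is_safe_redirect(target))
```

Octal spellings with a leading zero (0177.0.0.1) and dotted forms with fewer than four parts are also accepted by browsers and are not handled above; an allowlist comparison after canonicalisation is the robust approach regardless of how many spellings the IP literal has.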


Information Disclosure


Denial of Service (DoS)


Simple Storage Service (S3)


SQL Injection (SQLi)

  1. Tesla Motors blind SQL injection: ' + sleep(10) + '
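The payload in the entry above works because `'' + SLEEP(10) + ''` is a valid arithmetic expression once the quotes close and reopen the surrounding string literal: the query still parses, returns nothing useful, but takes ten seconds longer, which is the only signal a blind injection needs. The following is an added example, not code from the Tesla report; it uses SQLite with a user-defined `sleep` standing in for MySQL's `SLEEP()` (the table, rows and function names are constructed), and puts a string-formatted query next to its parameterised replacement.

```python
import sqlite3
import time

# Records every call made to the fake sleep(), so a test can prove whether
# attacker-supplied text reached the SQL engine as code.
SLEEP_CALLS = []


def fake_sleep(seconds):
    """Stand-in for MySQL SLEEP(): note the call, pause briefly, return 0."""
    SLEEP_CALLS.append(seconds)
    time.sleep(min(seconds, 0.2))  # cap the real delay to keep the demo quick
    return 0


def make_db():
    """In-memory database with a constructed users table and the sleep UDF."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("sleep", 1, fake_sleep)
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return conn


def lookup_vulnerable(conn, name):
    # Deliberately vulnerable: the caller's text becomes part of the SQL, so
    # ' + sleep(10) + ' turns the WHERE clause into  name = '' + sleep(10) + ''
    sql = f"SELECT id FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    # Parameterised: the payload is bound as one text value and never parsed.
    return conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()


PAYLOAD = "' + sleep(10) + '"


def probe(fn, conn, name):
    """Run a lookup and report (rows, elapsed seconds, number of sleep() calls).
    A time-based blind test compares elapsed against a baseline request."""
    SLEEP_CALLS.clear()
    start = time.monotonic()
    rows = fn(conn, name)
    return rows, time.monotonic() - start, len(SLEEP_CALLS)


if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_vulnerable, lookup_safe):
        rows, elapsed, calls = probe(fn, db, PAYLOAD)
        print(f"{fn.__name__}: rows={rows} elapsed={elapsed:.2f}s sleep_calls={calls}")
```

Because the UDF is not declared deterministic, SQLite evaluates it once per candidate row, so the vulnerable path sleeps once per row in the table; MySQL behaves the same way for `SLEEP()` in a WHERE clause, which is why time-based payloads against large tables can take far longer than the literal argument suggests.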


XML External Entity (XXE)

Blind XXE (out-of-band) ❌


Insecure Direct Object References (IDOR)


HTTP Parameter Pollution (HPP)


Host Header Injection (HHI)


Server Side Request Forgery (SSRF)


OS Command Injection


LFI/LFD - Path Traversal - RFI

Remote File Inclusion (RFI)

Path Traversal

Local File Inclusion (LFI)


File Upload
