Web Vulnerabilities WriteUps
Vulnerabilities Name
Cross-Site Scripting (XSS)
Content Security Policy (CSP)
HTML Injection
Clickjacking (UI redressing)
Cross-Site Request Forgery (CSRF)
Cross-Origin Resource Sharing (CORS)
Same-Origin Policy (SOP)
Open Redirect
[Report-260744] Open Redirect and XSS on Twitter: https://dev.twitter.com/https:/%5cblackfan.ru/
[Report-320376] Open Redirect on HackerOne: after index.php/XYZ
[Report-119236] Open Redirect on Uber: IP address to a single number
Information Disclosure
Aaronesau blog Debug
Denial of Service (DoS)
Simple Storage Service (S3)
SQLi
Tesla Motors blind SQL injection ' + sleep(10) + '
XML External Entity (XXE)
BLIND - XXE OOB ❌
Insecure Direct Object References (IDOR)
HTTP Parameter Pollution (HPP)
Host Header Injection (HHI)
Server Side Request Forgery (SSRF)
OS Command Injection
LFI/LFD - Path Traversal - RFI
Remote File Inclusion (RFI)
Path Traversal
Local File Inclusion (LFI)
File Upload