All Web Application Attacking Methods

This list is not full list, if there are some attacks I missed, please comment below.


This list below fits in category Parameter manipulation

• Arbitary File Deletion
• Code Execution
• Cookie Manipulation ( meta http-equiv & crlf injection )
• CRLF Injection ( HTTP response splitting )
• Cross Frame Scripting ( XFS )
• Cross-Site Scripting ( XSS )
• Directory traversal
• Email Injection
• File inclusion
• Full path disclosure
• LDAP Injection
• PHP code injection
• PHP curl_exec() url is controlled by user
• PHP invalid data type error message
• PHP preg_replace used on user input
• PHP unserialize() used on user input
• Remote XSL inclusion
• Script source code disclosure
• Server-Side Includes (SSI) Injection
• SQL injection
• URL redirection
• XPath Injection vulnerability
• EXIF

This list below fits in category MultiRequest parameter manipulation

• Blind SQL injection (timing)
• Blind SQL/XPath injection (many types)

This list below fits in category File checks

• 8.3 DOS filename source code disclosure
• Search for Backup files
• Cross Site Scripting in URI
• PHP super-globals-overwrite
• Script errors ( such as the Microsoft IIS Cookie Variable Information Disclosure )

This list below fits in category Directory checks

• Cross Site Scripting in path
• Cross Site Scripting in Referer
• Directory permissions ( mostly for IIS )
• HTTP Verb Tampering ( HTTP Verb POST & HTTP Verb WVS )
• Possible sensitive files
• Possible sensitive files
• ******* fixation ( j*******id & PHPSESSID ******* fixation )
• Vulnerabilities ( e.g. Apache Tomcat Directory Traversal, ASP.NET error message etc )
• WebDAV ( very vulnerable component of IIS servers )

This list below fits in category Text Search Disclosure

• Application error message
• Check for common files
• Directory Listing
• Email address found
• Local path disclosure
• Possible sensitive files
• Microsoft Office possible sensitive information
• Possible internal IP address disclosure
• Possible server path disclosure ( Unix and Windows )
• Possible username or password disclosure
• Sensitive data not encrypted
• Source code disclosure
• Trojan shell ( r57,c99,crystal shell etc )
• ( IF ANY )Wordpress database credentials disclosure

This list below fits in category File Uploads

• Unrestricted File Upload

This list below fits in category Authentication

• Microsoft IIS WebDAV Authentication Bypass
• SQL injection in the authentication header
• Weak Password
• GHDB - Google hacking database ( using dorks to find what google crawlers have found like passwords etc )

This list below fits in category Web Services - Parameter manipulation & with multirequest

• Application Error Message ( testing with empty, NULL, negative, big hex etc )
• Code Execution
• SQL Injection
• XPath Injection
• Blind SQL/XPath injection ( test for numeric,string,number inputs etc )
• Stored Cross-Site Scripting ( XSS )
• Cross-Site Request Forgery ( CSRF )