لیست کامل انواع باگ وبسایت ها

لیست کامل آسیب پذیری های مربوط به وبسایت ها

سلام و درود خدمت کاربران عزیز کالی بویز. در این پست قرار هست که تمامی آسیب پذیری هایی که امکان داره در وبسایت ها رخ بده رو معرفی کنیم.

1. Arbitary File Deletion
2. Code Execution
3. (Cookie Manipulation (meta http-equiv & crlf injection
4. (CRLF Injection (HTTP response splitting
5. (Cross Frame Scripting (XFS
6. (Cross-Site Scripting (XSS
7. Directory traversal
8. Email Injection
9. File inclusion
10. Full path disclosure
11. LDAP Injection
12. PHP code injection
13. PHP curl_exec() url is controlled by user
14. PHP invalid data type error message
15. PHP preg_replace used on user input
16. PHP unserialize() used on user input
17. Remote XSL inclusion
18. Script source code disclosure
19. Server-Side Includes (SSI) Injection
20. SQL injection
21. URL redirection
22. XPath Injection vulnerability
23. EXIF
24. Blind SQL injection (timing)
25. (Blind SQL/XPath injection (many types
26. ۸٫۳ DOS filename source code disclosure
27. Search for Backup files
28. Cross Site Scripting in URI
29. PHP super-globals-overwrite
30. Script errors such as the Microsoft IIS Cookie Variable Information Disclosure

حمله های مشهور به حمله دیکشنری

• Cross Site Scripting in path
• Cross Site Scripting in Referer
• (Directory permissions (mostly for IIS
• (HTTP Verb Tampering (HTTP Verb POST & HTTP Verb WVS
• Possible sensitive files
• Possible sensitive files
• (Session fixation (jsessionid & PHPSESSID session fixation
• (Vulnerabilities (e.g. Apache Tomcat Directory Traversal, ASP.NET error message etc
• (WebDAV (very vulnerable component of IIS servers

حمله های افشاء جستجو

• Application error message
• Check for common files
• Directory Listing
• Email address found
• Local path disclosure
• Possible sensitive files
• Microsoft Office possible sensitive information
• Possible internal IP address disclosure
• (Possible server path disclosure (Unix and Windows
• Possible username or password disclosure
• Sensitive data not encrypted
• Source code disclosure
• (Trojan shell (r57,c99,crystal shell etc
• ۹IF ANY )Wordpress database credentials disclosure)

اپلود فایل

• Unrestricted File Upload

حمله های رایج

• Microsoft IIS WebDAV Authentication Bypass
• SQL injection in the authentication header
• Weak Password
• (GHDB – Google hacking database ( using dorks to find what google crawlers have found like passwords etc

حمله های وب و سرور

• (Application Error Message (testing with empty, NULL, negative, big hex etc
• Code Execution
• SQL Injection
• XPath Injection
• (Blind SQL/XPath injection (test for numeric,string,number inputs etc
• (Stored Cross-Site Scripting (XSS
• (Cross-Site Request Forgery (CSRF

امتیاز ۴.۵ از ۵ – ۲ رای

در حال ثبت رای