Powered by Tech-Attacks

Different types of Web Application Hacking Attack Techniques / Ethical Hacking & Vulnerability Finding Techniques

Hello Readers, Below is Very Informative List for Different types of Web Application Attack Techniques - Hope you all will enjoy it.
Before reading further article Please take a second to Bookmark TechAttacks for your later use or For more Updates Follow us on our BLOG or get tuned by simply Liking Tech-Attacks on Facebook. 
This list below fits in category Parameter manipulation
    Arbitary File Deletion
    Code Execution
    Cookie Manipulation ( meta http-equiv & crlf injection )
    CRLF Injection ( HTTP response splitting )
    Cross Frame Scripting ( XFS )
    Cross-Site Scripting ( XSS )
    Directory traversal
    Email Injection
    File inclusion
    Full path disclosure
    LDAP Injection
    PHP code injection
    PHP curl_exec() url is controlled by user
    PHP invalid data type error message
    PHP preg_replace used on user input
    PHP unserialize() used on user input
    Remote XSL inclusion
    Script source code disclosure
    Server-Side Includes (SSI) Injection
    SQL injection
    URL redirection
    XPath Injection vulnerability
    EXIF


This list below fits in category MultiRequest parameter manipulation

    Blind SQL injection (timing)
    Blind SQL/XPath injection (many types)


This list below fits in category File checks

    8.3 DOS filename source code disclosure
    Search for Backup files
    Cross Site Scripting in URI
    PHP super-globals-overwrite
    Script errors ( such as the Microsoft IIS Cookie Variable Information Disclosure )


This list below fits in category Directory checks
    Cross Site Scripting in path
    Cross Site Scripting in Referer
    Directory permissions ( mostly for IIS )
    HTTP Verb Tampering ( HTTP Verb POST & HTTP Verb WVS )
    Possible sensitive files
    Possible sensitive files
    ******* fixation ( j*******id & PHPSESSID ******* fixation )
    Vulnerabilities ( e.g. Apache Tomcat Directory Traversal, ASP.NET error message etc )
    WebDAV ( very vulnerable component of IIS servers )


This list below fits in category Text Search Disclosure
    Application error message
    Check for common files
    Directory Listing
    Email address found
    Local path disclosure
    Possible sensitive files
    Microsoft Office possible sensitive information
    Possible internal IP address disclosure
    Possible server path disclosure ( Unix and Windows )
    Possible username or password disclosure
    Sensitive data not encrypted
    Source code disclosure
    Trojan shell ( r57,c99,crystal shell etc )
    ( IF ANY )Wordpress database credentials disclosure


This list below fits in category File Uploads
    Unrestricted File Upload

This list below fits in category Authentication
    Microsoft IIS WebDAV Authentication Bypass
    SQL injection in the authentication header
    Weak Password
    GHDB - Google hacking database ( using dorks to find what google crawlers have found like passwords etc )


This list below fits in category Web Services - Parameter manipulation & with multirequest
    Application Error Message ( testing with empty, NULL, negative, big hex etc )
    Code Execution
    SQL Injection
    XPath Injection
    Blind SQL/XPath injection ( test for numeric,string,number inputs etc )
    Stored Cross-Site Scripting ( XSS )
    Cross-Site Request Forgery ( CSRF )

This list was made some times ago, so it might get updated if any new Web Application Hacking Attack Techniques are found.
Credit Goes to "SilverSurfer" .

No comments:

Post a Comment