RatSec

RatSec Blog

A list of 50 web application exploit techniques that bug bounty hunters should be familiar with.

- Posted in Uncategorized by

Below is a list of 50 web application exploit techniques that bug bounty hunters should be familiar with. This list includes a range of common vulnerabilities that attackers may exploit, and understanding these can help in identifying security weaknesses in web applications:

  • SQL Injection: Exploiting poor input validation to manipulate SQL queries.
  • Cross-Site Scripting (XSS): Injecting malicious scripts into web pages viewed by other users.
  • Cross-Site Request Forgery (CSRF): Forcing an end user to execute unwanted actions on a web application in which they're currently authenticated.
  • XML External Entity (XXE) Injection: Attacking an application's XML parser by referencing an external entity.
  • Remote Code Execution (RCE): Running arbitrary code on the server.
  • Local File Inclusion (LFI): Including files on a server through the web interface.
  • Remote File Inclusion (RFI): Including remote files through the web interface.
  • Directory Traversal: Accessing files and directories that are stored outside the web root folder.
  • Insecure Direct Object References (IDOR): Accessing unauthorized data by modifying the value of a parameter used to directly point to an object.
  • Server-Side Request Forgery (SSRF): Forcing the server to execute requests on behalf of the attacker.
  • Security Misconfiguration: Exploiting insecure configuration settings.
  • Session Hijacking: Exploiting the web session control mechanism to steal cookies and impersonate users.
  • Session Fixation: Forcing a user's session ID to an explicit value.
  • Insecure Deserialization: Exploiting the deserialization of untrusted data.
  • Open Redirection: Manipulating URLs to redirect users to malicious sites.
  • Clickjacking: Trick users into clicking on something different from what the user perceives.
  • File Upload Vulnerabilities: Uploading malicious files to the server.
  • Command Injection: Injecting and executing commands on the host operating system.
  • Buffer Overflow: Sending more data than the buffer can handle to cause unexpected behavior.
  • Race Condition: Exploiting a system's timing flaw to perform unauthorized actions.
  • Cryptographic Failures: Breaking encryption to read sensitive data.
  • API Security Vulnerabilities: Exploiting flaws in APIs, such as weak authentication.
  • Subdomain Takeover: Taking control of a subdomain pointing to a service not in use.
  • CORS Misconfiguration: Exploiting Cross-Origin Resource Sharing misconfigurations.
  • JWT Token Manipulation: Exploiting vulnerabilities in the way JSON Web Tokens are handled.
  • OAuth Vulnerabilities: Exploiting flaws in the OAuth authentication protocol.
  • LDAP Injection: Injecting malicious LDAP statements.
  • Path Parameter Vulnerabilities: Exploiting path parameters to gain unauthorized access.
  • Business Logic Errors: Exploiting flaws in the application's business logic.
  • Mass Assignment: Exploiting the model-binding process by crafting input to modify data fields.
  • Email Header Injection: Injecting headers into email messages.
  • Host Header Injection: Exploiting ambiguous host headers to manipulate web applications.
  • Cache Poisoning: Manipulating cache data or keys to serve up malicious content.
  • Brute Force Attacks: Trying many passwords or passphrases with the hope of eventually guessing correctly.
  • Password Spraying: Attempting a single password against many accounts.
  • Credential Stuffing: Using breached credentials to gain unauthorized access.
  • Account Takeover (ATO): Gaining control of users' accounts.
  • DNS Hijacking: Redirecting the resolution of DNS names to malicious sites.
  • DOM-based Vulnerabilities: Exploiting DOM modifications for XSS or other attacks.
  • Man-in-the-Middle (MitM) Attacks: Intercepting communications between users and web applications.
  • Memory Corruption: Exploiting errors in memory management.
  • Template Injection: Injecting malicious content into templates.
  • HTTP Request Smuggling: Smuggling malicious HTTP requests through a web application.
  • HTTP Response Splitting: Causing the web application to send a double HTTP response.
  • Null Byte Injection: Using null byte characters to manipulate filesystem operations.
  • Parameter Pollution: Manipulating or injecting parameters in web requests.
  • Websocket Vulnerabilities: Exploiting vulnerabilities in websockets for unauthorized access or information disclosure.
  • Server-Side Template Injection (SSTI): Exploiting template engines leading to RCE.
  • Content Security Policy (CSP) Bypass: Bypassing CSP to execute XSS attacks.
  • Web Cache Deception: Tricking a web server into caching personal data.