Below is a list of 50 web application exploit techniques that bug bounty hunters should be familiar with. This list includes a range of common vulnerabilities that attackers may exploit, and understanding these can help in identifying security weaknesses in web applications:
- SQL Injection: Exploiting poor input validation to manipulate SQL queries.
- Cross-Site Scripting (XSS): Injecting malicious scripts into web pages viewed by other users.
- Cross-Site Request Forgery (CSRF): Forcing an end user to execute unwanted actions on a web application in which they're currently authenticated.
- XML External Entity (XXE) Injection: Attacking an application's XML parser by referencing an external entity.
- Remote Code Execution (RCE): Running arbitrary code on the server.
- Local File Inclusion (LFI): Including files on a server through the web interface.
- Remote File Inclusion (RFI): Including remote files through the web interface.
- Directory Traversal: Accessing files and directories that are stored outside the web root folder.
- Insecure Direct Object References (IDOR): Accessing unauthorized data by modifying the value of a parameter used to directly point to an object.
- Server-Side Request Forgery (SSRF): Forcing the server to execute requests on behalf of the attacker.
- Security Misconfiguration: Exploiting insecure configuration settings.
- Session Hijacking: Exploiting the web session control mechanism to steal cookies and impersonate users.
- Session Fixation: Forcing a user's session ID to an explicit value.
- Insecure Deserialization: Exploiting the deserialization of untrusted data.
- Open Redirection: Manipulating URLs to redirect users to malicious sites.
- Clickjacking: Trick users into clicking on something different from what the user perceives.
- File Upload Vulnerabilities: Uploading malicious files to the server.
- Command Injection: Injecting and executing commands on the host operating system.
- Buffer Overflow: Sending more data than the buffer can handle to cause unexpected behavior.
- Race Condition: Exploiting a system's timing flaw to perform unauthorized actions.
- Cryptographic Failures: Breaking encryption to read sensitive data.
- API Security Vulnerabilities: Exploiting flaws in APIs, such as weak authentication.
- Subdomain Takeover: Taking control of a subdomain pointing to a service not in use.
- CORS Misconfiguration: Exploiting Cross-Origin Resource Sharing misconfigurations.
- JWT Token Manipulation: Exploiting vulnerabilities in the way JSON Web Tokens are handled.
- OAuth Vulnerabilities: Exploiting flaws in the OAuth authentication protocol.
- LDAP Injection: Injecting malicious LDAP statements.
- Path Parameter Vulnerabilities: Exploiting path parameters to gain unauthorized access.
- Business Logic Errors: Exploiting flaws in the application's business logic.
- Mass Assignment: Exploiting the model-binding process by crafting input to modify data fields.
- Email Header Injection: Injecting headers into email messages.
- Host Header Injection: Exploiting ambiguous host headers to manipulate web applications.
- Cache Poisoning: Manipulating cache data or keys to serve up malicious content.
- Brute Force Attacks: Trying many passwords or passphrases with the hope of eventually guessing correctly.
- Password Spraying: Attempting a single password against many accounts.
- Credential Stuffing: Using breached credentials to gain unauthorized access.
- Account Takeover (ATO): Gaining control of users' accounts.
- DNS Hijacking: Redirecting the resolution of DNS names to malicious sites.
- DOM-based Vulnerabilities: Exploiting DOM modifications for XSS or other attacks.
- Man-in-the-Middle (MitM) Attacks: Intercepting communications between users and web applications.
- Memory Corruption: Exploiting errors in memory management.
- Template Injection: Injecting malicious content into templates.
- HTTP Request Smuggling: Smuggling malicious HTTP requests through a web application.
- HTTP Response Splitting: Causing the web application to send a double HTTP response.
- Null Byte Injection: Using null byte characters to manipulate filesystem operations.
- Parameter Pollution: Manipulating or injecting parameters in web requests.
- Websocket Vulnerabilities: Exploiting vulnerabilities in websockets for unauthorized access or information disclosure.
- Server-Side Template Injection (SSTI): Exploiting template engines leading to RCE.
- Content Security Policy (CSP) Bypass: Bypassing CSP to execute XSS attacks.
- Web Cache Deception: Tricking a web server into caching personal data.