🗃️ Authentication & Authorization
1 item
🗃️ Code Execution
4 items
🗃️ SQL Injection
3 items
🗃️ Cross Site Scripting (XSS)
1 item
🗃️ File Inclusion
2 items
🗃️ File Upload
1 item
📄️ Command Injection
Command injection is a security flaw that allows attackers to run arbitrary system commands on a server. It occurs when user input is improperly validated and passed to a shell or command-line interpreter. 
🗃️ XML Attacks
3 items
🗃️ Cryptographic Failure
6 items
🗃️ Server-Side Template Injection (SSTI)
3 items
🗃️ Server-Side Request Forgery (SSRF)
1 item
📄️ Server-Side Includes (SSI)
Updating Soon...
🗃️ JWT Attacks
3 items
📄️ JSON Web Encryption (JWE)
JSON Web Encryption (JWE) is used to encrypt data inside tokens.
📄️ Mass Assignment
When developers first started building web applications backed by databases, they often had to write raw SQL queries manually. This approach was repetitive, error-prone, and hard to maintain. To solve this, modern frameworks introduced Object-Relational Mapping (ORM) systems, which allow developers to interact with database records as objects instead of writing SQL directly.
🗃️ Cross-Site Request Forgery (CSRF)
1 item
📄️ Open Redirect
Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input.
📄️ Cross-Origin Resource Sharing (CORS)
Cross-Origin Resource Sharing (CORS) is a browser security feature that allows web servers to specify which other domains (origins) can access their resources, relaxing the default Same-Origin Policy (SOP) that blocks cross-domain requests.
🗃️ WebSocket Vulnerabilities
1 item
🗃️ postMessage() Vulnerabilities
4 items
📄️ Cross-Site Leak Vulnerability
* https://medium.com/@luanherrera/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549
🗃️ Insecure Deserialization
7 items
📄️ PHP Type Juggling (Type Confusion)
PHP Type Juggling, also known as Type Confusion, is a vulnerability caused by PHP’s loose comparison system (==), where variables of different types are automatically converted before comparison.
📄️ JS Prototype Pollution
Prototype Pollution is a class of vulnerability in JavaScript applications that allows an attacker to modify the prototype of base objects such as Object. Because JavaScript uses prototype-based inheritance, every object inherits properties and methods from its prototype. If an attacker can inject or modify properties in this prototype, those malicious attributes will be inherited by all objects in the application.
📄️ LDAP Injection
LDAP Injection is an attack used to exploit web-based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it's possible to modify LDAP statements using a local proxy.
📄️ IIS Tilde Enumeration
IIS Tilde Enumeration (also known as IIS Short Name Disclosure or 8.3 Name Disclosure) is a vulnerability in Microsoft Internet Information Services (IIS) where attackers can enumerate files and directories using their short (8.3) names. Windows supports legacy 8.3 filenames (e.g., longfilename.txt → LONGFI~1.TXT), and IIS may expose these names due to improper handling of tilde (~) characters in URL requests. This allows attackers to infer the presence of files and folders, even if directory listing is disabled. By sending crafted HTTP requests with ~1, ~2, etc., attackers can systematically determine file and folder names, leading to potential information disclosure and aiding further exploitation. This issue affects IIS versions up to IIS 8.5 unless mitigated by disabling 8.3 filename support or applying security patches.
🗃️ Common Gateway Interface
1 item
🗃️ Framework Specific
3 items
🗃️ Apache Struts 2
2 items
🗃️ Other Vectors
1 item