All Web Application Hacking Methods




Parameter manipulation

* Arbitrary File Deletion
* Code Execution
* Cookie Manipulation ( meta http-equiv & CRLF injection )
* CRLF Injection ( HTTP response splitting )
* Cross Frame Scripting ( XFS )

* Cross-Site Scripting ( XSS )





* Directory traversal
* Email Injection

* File inclusion



* Full path disclosure
* LDAP Injection
* PHP code injection
* PHP curl_exec() url is controlled by user
* PHP invalid data type error message
* PHP preg_replace used on user input
* PHP unserialize() used on user input
* Remote XSL inclusion
* Script source code disclosure
* Server-Side Includes (SSI) Injection
* SQL injection
* URL redirection
* XPath Injection vulnerability
* EXIF


* Buffer Overflows
* Clickjacking
* Dangling Pointers
* Format String Attack
* FTP Bounce Attack
* Symlinking







The list below fits in the category MultiRequest parameter manipulation


* Blind SQL injection (timing)

* Blind SQL/XPath injection (many types)





The list below fits in the category File checks


* 8.3 DOS filename source code disclosure
* Search for Backup files
* Cross Site Scripting in URI
* PHP super-globals-overwrite
* Script errors ( such as the Microsoft IIS Cookie Variable Information Disclosure )




The list below fits in the category Directory checks


* Cross Site Scripting in path
* Cross Site Scripting in Referer
* Directory permissions ( mostly for IIS )
* HTTP Verb Tampering ( HTTP Verb POST & HTTP Verb WVS )
* Possible sensitive files
* Session fixation ( jsessionid & PHPSESSID session fixation )
* Vulnerabilities ( e.g. Apache Tomcat Directory Traversal, ASP.NET error message etc )
* WebDAV ( very vulnerable component of IIS servers )

* DNN (Dot Net Nuke)




The list below fits in the category Text Search Disclosure


* Application error message
* Check for common files
* Directory Listing
* Email address found
* Local path disclosure
* Possible sensitive files
* Microsoft Office possible sensitive information
* Possible internal IP address disclosure
* Possible server path disclosure ( Unix and Windows )
* Possible username or password disclosure
* Sensitive data not encrypted
* Source code disclosure
* Trojan shell ( r57,c99,crystal shell etc )
* WordPress database credentials disclosure ( if any )





The list below fits in the category File Uploads


* Unrestricted File Upload




The list below fits in the category Authentication


* Microsoft IIS WebDAV Authentication Bypass
* SQL injection in the authentication header
* Weak Password
* GHDB - Google Hacking Database ( using dorks to find what Google crawlers have found, like passwords etc )





The list below fits in the category Web Services - Parameter manipulation & with multirequest


* Application Error Message ( testing with empty, NULL, negative, big hex etc )
* Code Execution

* SQL Injection




* XPath Injection
* Blind SQL/XPath injection ( test for numeric,string,number inputs etc )
* Stored Cross-Site Scripting ( XSS )

* Cross-Site Request Forgery ( CSRF )

From hackcommunity.cpm




Brute Force Attacks: Wordlists


Here you can find cool wordlists for your brute force attack!

http://www.skullsecurity.org/wiki/index.php/Passwords


Best exploit Databases.



Here are some of the best exploit databases:
http://www.metasploit.com/modules/

http://www.exploit-db.com/

http://osvdb.org/

http://securityvulns.com/

http://packetstormsecurity.com/files/tags/exploit/

http://www.securityfocus.com/

http://www.securiteam.com/

http://www.1337day.com/

http://secunia.com/advisories/

http://insecure.org/sploits_all.html

http://www.exploitsearch.net/


