Some Tutorials and Things to Do While Hunting a Particular Vulnerability
- Using Default Credentials
- Local File Inclusion
- Remote Code Execution (RCE)
- SQL Injection
- XML External Entity Injection (XXE)
- Authentication Bypass
- Disclosure of Secrets - For Publicly Accessible Asset
- Insecure OS/Firmware - Command Injection
- Insecure OS/Firmware - Hardcoded Password Privileged User
- Broken Cryptography - Cryptographic Flaw - Incorrect Usage
- Misconfigured DNS - High Impact Subdomain Takeover
- OAuth Misconfiguration - Account Takeover
- Weak Password Reset Implementation - Token Leakage via Host Header Poisoning
- XSS - Stored - Non-Privileged User to Anyone
- Server-Side Request Forgery (SSRF) - Internal High Impact
- Cross-Site Request Forgery (CSRF) Application-Wide
- Application-Level Denial-of-Service (DoS) - Critical Impact and/or Easy Difficulty
- Insecure OS/Firmware - Hardcoded Password - Non-Privileged User
- Misconfigured DNS - Basic Subdomain Takeover
- Mail Server Misconfiguration - No Spoofing Protection on Email Domain
- HTTP Response Manipulation - Response Splitting (CRLF)
- Content Spoofing - iframe Injection
- 2FA Bypass
- Session Fixation - Remote Attack Vector
- Disclosure of Secrets - For Internal Asset
- EXIF Geolocation Data Not Stripped From Uploaded Images - Automatic User Enumeration
- XSS - Stored - Privileged User to Privilege Elevation
- XSS - Stored - CSRF/URL-Based
- XSS - Reflected - Non-Self
- Server-Side Request Forgery (SSRF) - Internal Scan and/or Medium Impact
- Application-Level Denial-of-Service (DoS) - High Impact and/or Medium Difficulty
- Client-Side Injection - Binary Planting - Default Folder Privilege Escalation
- Misconfigured DNS - Zone Transfer
- Mail Server Misconfiguration - Email Spoofing to Inbox due to Missing or Misconfigured DMARC on Email Domain
- Database Management System (DBMS) Misconfiguration - Excessively Privileged User / DBA
- Lack of Password Confirmation On Delete Account
- No Rate Limiting on Form - Registration
- No Rate Limiting on Form - Login
- No Rate Limiting on Form - Email-Triggering
- No Rate Limiting on Form - SMS-Triggering
- Missing Secure or HttpOnly Cookie Flag - Session Token
- Clickjacking - Sensitive Click-Based Action
- OAuth Misconfiguration - Account Squatting
- CAPTCHA - Implementation Vulnerability
- Lack of Security Headers - Cache-Control for a Sensitive Page
- Web Application Firewall (WAF) Bypass - Direct Server Access
- Content Spoofing - Impersonation via Broken Link Hijacking
- Content Spoofing - External Authentication Injection
- Content Spoofing - Email HTML Injection
- Server-Side Template Injection (SSTI) - Basic
- Cleartext Transmission of Session Token
- Weak Login Function - Other Plaintext Protocol with no Secure Alternative
- Weak Login Function - Over HTTP
- Failure to Invalidate Session - On Logout (Client and Server-Side)
- Failure to Invalidate Session - On Password Reset and/or Change
- Weak Registration Implementation Over HTTP
- Disclosure of Secrets - Pay-Per-Use Abuse
- EXIF Geolocation Data Not Stripped From Uploaded Images - Manual User Enumeration
- Visible Detailed Error/Debug Page - Detailed Server Configuration
- XSS - Stored - Privileged User to No Privilege Elevation
- XSS - IE-Only - IE11
- XSS - Referer
- XSS - Universal (UXSS)
- XSS - Off-Domain - Data URI
- Server-Side Request Forgery (SSRF) - External
- Username/Email Enumeration - Non-Brute Force
- Open Redirect - GET-Based
- No Password Policy
- Weak Password Reset Implementation - Token is Not Invalidated After Use
- Weak 2FA Implementation - 2FA Secret Cannot be Rotated
- Weak 2FA Implementation - 2FA Secret Remains Obtainable After 2FA is Enabled
- Sensitive Application Data Stored Unencrypted - On External Storage
- Executable Download - No Secure Integrity Check
- Unnecessary Data Collection - WiFi SSID+Password

Faizee Asad ✅
Faizi Moeed ✅