Hackerszone
All Web Application Hacking Methods


solved All Web Application Hacking Methods

Post by kyle5647 Mon Apr 28, 2014 10:31 pm

I'm working on filling this thread with links to tutorials here, so the thread is under construction.

We are adding every related topic here with easy navigation, so the thread is not beautiful or attractive; sorry for that.
Also thinking: there are a lot of threads for the same topic, e.g. XSS; get one by vote and add only one tutorial here, because it will make it easier.


Parameter manipulation

* Arbitrary File Deletion
* Code Execution
* Cookie Manipulation ( meta http-equiv & crlf injection )
* CRLF Injection ( HTTP response splitting )
* Cross Frame Scripting ( XFS )

* Cross-Site Scripting ( XSS )
Complete XSS Tutorial - 1234HotMaster
Cross Site Scripting(XSS) for Beginners - KoKoKrants
Basic xss tutorial - Anima Tempai

* Directory traversal
* Email Injection

* File inclusion
[TUT]RFI ( Remote File Inclusion ) - 123HotMaster
[TUT]LFI ( Local File Inclusion ) - EvilKing

* Full path disclosure
* LDAP Injection
* PHP code injection
* PHP curl_exec() url is controlled by user
* PHP invalid data type error message
* PHP preg_replace used on user input
* PHP unserialize() used on user input
* Remote XSL inclusion
* Script source code disclosure
* Server-Side Includes (SSI) Injection
* SQL injection
* URL redirection
* XPath Injection vulnerability
* EXIF

Format String Vulnerabilities
JSON Injection
Parameter Tampering (which I see is already covered, just the topic names are divided)
Iframe Injection
ASP ViewState
Padding Oracle
ASP Forms Authentication

* Buffer Overflows
Buffer Overflows and IDS Basic Review - Keeper

* Clickjacking
* Dangling Pointers
* Format String Attack
* FTP Bounce Attack
* Symlinking





This list below fits in category MultiRequest parameter manipulation

* Blind SQL injection (timing)

* Blind SQL/XPath injection (many types)
Blind based SQL Injection with SQL map - insecure5082


This list below fits in category File checks

* 8.3 DOS filename source code disclosure
* Search for Backup files
* Cross Site Scripting in URI
* PHP super-globals-overwrite
* Script errors ( such as the Microsoft IIS Cookie Variable Information Disclosure )


This list below fits in category Directory checks

* Cross Site Scripting in path
* Cross Site Scripting in Referer
* Directory permissions ( mostly for IIS )
* HTTP Verb Tampering ( HTTP Verb POST & HTTP Verb WVS )
* Possible sensitive files
* Session fixation ( jsessionid & PHPSESSID session fixation )
* Vulnerabilities ( e.g. Apache Tomcat Directory Traversal, ASP.NET error message etc )
* WebDAV ( very vulnerable component of IIS servers )

* DNN (Dot Net Nuke)
Complete DNN (Dot Net Nuke) - numan_malik999


This list below fits in category Text Search Disclosure

* Application error message
* Check for common files
* Directory Listing
* Email address found
* Local path disclosure
* Possible sensitive files
* Microsoft Office possible sensitive information
* Possible internal IP address disclosure
* Possible server path disclosure ( Unix and Windows )
* Possible username or password disclosure
* Sensitive data not encrypted
* Source code disclosure
* Trojan shell ( r57,c99,crystal shell etc )
* ( IF ANY ) WordPress database credentials disclosure



This list below fits in category File Uploads

* Unrestricted File Upload



This list below fits in category Authentication

* Microsoft IIS WebDAV Authentication Bypass
* SQL injection in the authentication header
* Weak Password
* GHDB - Google hacking database ( using dorks to find what google crawlers have found like passwords etc )



This list below fits in category Web Services - Parameter manipulation & with multirequest

* Application Error Message ( testing with empty, NULL, negative, big hex etc )
* Code Execution

* SQL Injection
[SQLMap]SQL injection + Database takeover - pt. 1 - 1llusion
SQL Injection Tutorial - Solixious
SQLi Complete Noob Guide with video - c0d3rinj3ct0r
My SQL injection complete tutorial - V1P3R


* XPath Injection
* Blind SQL/XPath injection ( test for numeric,string,number inputs etc )
* Stored Cross-Site Scripting ( XSS )

* Cross-Site Request Forgery ( CSRF )

Cross-Site Request Forgery ( CSRF ) - Shining White

----------

New Contributions : Keeper |

Interested in making this bigger? Please post below what is still missing here :)

solved Re: All Web Application Hacking Methods

Post by Admin Sun May 04, 2014 9:04 pm

Great job with this! You've earned the sticky!


https://thehackerszone.forumotion.com
