Web Parameter Tampering Attack
The Web Parameter Tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price ...
Rx iT World Hacking Tutorial
Unicode Encoding
The attack aims to explore flaws in the decoding mechanism implemented on applications when decoding Unicode data format. An attacker can use this technique to encode certain characters in the URL to ...
Trojan Horse – Main Types of Trojan Horse
A Trojan Horse is a program that uses malicious code masqueraded as a trusted application. The malicious code can be injected on benign applications, masqueraded in e-mail links, or sometimes hidden ...
Traffic Flood DoS Attack
Traffic Flood is a type of DoS attack targeting web servers. The attack explores the way that the TCP connection is managed. The attack consists of the generation of a lot of well-crafted TCP ...
Spyware Attacks
Spyware is a program that captures statistical information from a user's computer and sends it over internet without user acceptance. This information is usually obtained from cookies and the web ...
Special Element Injection
Special Element Injection is a type of injection attack that exploits a weakness related to reserved words and special characters. Every programming language and operating system has special ...
Setting Manipulation
This attack aims to modify application settings in order to cause misleading data or advantages on the attacker's behalf. They may manipulate values in the system and manage specific user resources ...
Session Hijacking Attack
The Session Hijacking attack consists of the exploitation of the web session control mechanism, which is normally managed for a session token. Because http communication uses many different TCP ...
Session Fixation Attack
Session Fixation is an attack that permits an attacker to hijack a valid user session. The attack explores a limitation in the way the web application manages the session ID, more specifically the ...
Session Prediction Attack
The session prediction attack focuses on predicting session ID values that permit an attacker to bypass the authentication schema of an application. By analyzing and understanding the session ID ...
Server Side Request Forgery Attack
In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources. The attacker can supply or modify a URL which the code running ...
Server-Side Includes (SSI) Injection
SSIs are directives present on Web applications used to feed an HTML page with dynamic contents. They are similar to CGIs, except that SSIs are used to execute some actions before the current page is ...
SQL Injection Bypassing WAF
A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the ...
SQL Injection Attack
A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the ...
Reverse Tabnabbing
Reverse tabnabbing is an attack where a page linked from the target page is able to rewrite that page, for example to replace it with a phishing site. As the user was originally on the correct page ...
Resource Injection
This attack consists of changing resource identifiers used by an application in order to perform a malicious task. When an application defines a resource type or location based on user input, such as ...
Repudiation Attack
A repudiation attack happens when an application or system does not adopt controls to properly track and log users' actions, thus permitting malicious manipulation or forging the identification of ...
Regular expression Denial of Service (ReDoS)
The Regular expression Denial of Service (ReDoS) is a Denial of Service attack, that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to ...
Reflected DOM Injection
Reflected DOM Injection, or RDI, is a form of Stored Cross-Site Scripting. The outline of the attack is as follows:Crawler G retrieves data elements from attacker page A and commits the ...
QRLJacking or Quick Response Code Login Jacking
QRLJacking or Quick Response Code Login Jacking is a simple social engineering attack vector capable of session hijacking affecting all applications that rely on “Login with QR code” feature as a ...
