DOM Based XSS (or as it is called in some texts, “type-0 XSS”) is an XSS attack wherein the attack payload is executed as a result of modifying the DOM ...
The software does not properly filter or quote special characters or reserved words that are used in a custom or proprietary language or representation that is ...
Cryptanalysis is a process of finding weaknesses in cryptographic algorithms and using these weaknesses to decipher the ciphertext without knowing the secret ...
A Cross-Site Tracing (XST) attack involves the use of XSS and the TRACE or TRACK HTTP methods. According to RFC 2616, "TRACE ...
Cross-Site History Manipulation (XSHM) is a SOP (Same Origin Policy) security breach. SOP is the most important security concept of modern browsers. SOP means ...
Cross-Frame Scripting (XFS) is an attack that combines malicious JavaScript with an iframe that loads a legitimate page in an effort to steal data from an ...
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks ...
An attacker can make a single request to a vulnerable server that will cause the server to create two responses, the second of which may be misinterpreted as a ...
Credential stuffing is the automated injection of stolen username and password pairs ("credentials") into website login forms, in order to fraudulently gain ...
Content spoofing, also referred to as content injection, "arbitrary text injection" or virtual defacement, is an attack targeting a user made possible by an ...
Comments injected into an application through input can be used to compromise a system. As data is parsed, an injected/malformed comment may cause the process ...
Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command ...
Code Injection is the general term for attack types which consist of injecting code that is then interpreted/executed by the application. This type of attack ...
Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or ...
A Cash Overflow attack is a Denial of Service attack specifically aimed at exceeding the hosting costs for a cloud application, either essentially bankrupting ...
The impact of a maliciously constructed response can be magnified if it is cached either by a web cache used by multiple users or even the browser cache of a ...
CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. When a spreadsheet program such as Microsoft ...
CORS stands for Cross-Origin Resource Sharing. It is a feature offering the possibility for: A web application to expose resources to all or restricted ...
CORS stands for Cross-Origin Resource Sharing. It is a feature offering the possibility for: A web application to expose resources to all or restricted ...
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an ...