DOM Based XSS Attack
DOM Based XSS (or as it is called in some texts, “type-0 XSS”) is an XSS attack wherein the attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by ...
Rx iT World Hacking Tutorial
Custom Special Character Injection
The software does not properly filter or quote special characters or reserved words that are used in a custom or proprietary language or representation that is used by the product. That allows ...
Cryptanalysis
Cryptanalysis is a process of finding weaknesses in cryptographic algorithms and using these weaknesses to decipher the ciphertext without knowing the secret key (instance deduction). Sometimes the ...
Cross-Site Tracing (XST)
A Cross-Site Tracing (XST) attack involves the use of ({{ site.baseurl }}/attacks/xss) and the TRACE or TRACK HTTP methods. According to RFC 2616, "TRACE allows the client to see what is being ...
Cross-Site History Manipulation (XSHM)
Cross-Site History Manipulation (XSHM) is a SOP (Same Origin Policy) security breach. SOP is the most important security concept of modern browsers. SOP means that web pages from different origins by ...
Cross-Frame Scripting (XFS) iAttack
Cross-Frame Scripting (XFS) is an attack that combines malicious JavaScript with an iframe that loads a legitimate page in an effort to steal data from an unsuspecting user. This attack is usually ...
Cross-Site Scripting (XSS) Attacks
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web ...
Cross User Defacement Attacks
An attacker can make a single request to a vulnerable server that will cause the server to create two responses, the second of which may be misinterpreted as a response to a different request, ...
Credential Stuffing Attacks
Credential stuffing is the automated injection of stolen username and password pairs ("credentials") in to website login forms, in order to fraudulently gain access to user accounts. Since many ...
Content spoofing, Content Injection
Content spoofing, also referred to as content injection, "arbitrary text injection" or virtual defacement, is an attack targeting a user made possible by an injection vulnerability in a web ...
Comment Injection Attack
Comments injected into an application through input can be used to compromise a system. As data is parsed, an injected/malformed comment may cause the process to take unexpected actions that result ...
Command Injection
Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an ...
Code Injection
Code Injection is the general term for attack types which consist of injecting code that is then interpreted/executed by the application. This type of attack exploits poor handling of untrusted data. ...
Clickjacking and UI Redress Attack
Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were ...
Cash Overflow Attack
A Cash Overflow attack is a Denial of Service attack specifically aimed at exceeding the hosting costs for a cloud application, either essentially bankrupting the service owner or exceeding the ...
Cache Poisoning
The impact of a maliciously constructed response can be magnified if it is cached either by a web cache used by multiple users or even the browser cache of a single user. If a response is cached in a ...
CSV Injection
CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. When a spreadsheet program such as Microsoft Excel or LibreOffice Calc is used to open a ...
CORS Request Preflight Scrutiny
CORS stands for Cross-Origin Resource Sharing. Is an feature offering the possbility to:A web application to expose resources to all or restricted domain, A web client to made AJAX ...
CORS Origin Header Scrutiny
CORS stands for Cross-Origin Resource Sharing. Is a feature offering the possibility for:A web application to expose resources to all or restricted domain, A web client to make AJAX ...
Buffer Overflow Attack
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow ...
