This list below fits in category Parameter manipulation
- Arbitary File Deletion
- Code Execution
- Cookie Manipulation ( meta http-equiv & crlf injection )
- CRLF Injection ( HTTP response splitting )
- Cross Frame Scripting ( XFS )
- Cross-Site Scripting ( XSS )
- Directory traversal
- Email Injection
- File inclusion
- Full path disclosure
- LDAP Injection
- PHP code injection
- PHP curl_exec() url is controlled by user
- PHP invalid data type error message
- PHP preg_replace used on user input
- PHP unserialize() used on user input
- Remote XSL inclusion
- Script source code disclosure
- Server-Side Includes (SSI) Injection
- SQL injection
- URL redirection
- XPath Injection vulnerability
- EXIF
This list below fits in category MultiRequest parameter manipulation
- Blind SQL injection (timing)
- Blind SQL/XPath injection (many types)
This list below fits in category File checks
- 8.3 DOS filename source code disclosure
- Search for Backup files
- Cross Site Scripting in URI
- PHP super-globals-overwrite
- Script errors ( such as the Microsoft IIS Cookie Variable Information Disclosure )
This list below fits in category Directory checks
- Cross Site Scripting in path
- Cross Site Scripting in Referer
- Directory permissions ( mostly for IIS )
- HTTP Verb Tampering ( HTTP Verb POST & HTTP Verb WVS )
- Possible sensitive files
- Possible sensitive files
- ******* fixation ( j*******id & PHPSESSID ******* fixation )
- Vulnerabilities ( e.g. Apache Tomcat Directory Traversal, ASP.NET error message etc )
- WebDAV ( very vulnerable component of IIS servers )
This list below fits in category Text Search Disclosure
- Application error message
- Check for common files
- Directory Listing
- Email address found
- Local path disclosure
- Possible sensitive files
- Microsoft Office possible sensitive information
- Possible internal IP address disclosure
- Possible server path disclosure ( Unix and Windows )
- Possible username or password disclosure
- Sensitive data not encrypted
- Source code disclosure
- Trojan shell ( r57,c99,crystal shell etc )
- ( IF ANY )Wordpress database credentials disclosure
This list below fits in category File Uploads
- Unrestricted File Upload
This list below fits in category Authentication
- Microsoft IIS WebDAV Authentication Bypass
- SQL injection in the authentication header
- Weak Password
- GHDB - Google hacking database ( using dorks to find what google crawlers have found like passwords etc )
This list below fits in category Web Services - Parameter manipulation & with multirequest
- Application Error Message ( testing with empty, NULL, negative, big hex etc )
- Code Execution
- SQL Injection
- XPath Injection
- Blind SQL/XPath injection ( test for numeric,string,number inputs etc )
- Stored Cross-Site Scripting ( XSS )
- Cross-Site Request Forgery ( CSRF )
Credit to SilverSurfer
Post a Comment