# --------------
| - | None
| o | Only theory
| x | Theory + practice
# --------------
[x] SQLi
[] XSS
[] Reflected XSS
[] DOM-based XSS
[] Stored XSS
[] Info disclosure
[] IAC (Improper Access Control)
[] Directory traversal
[] CSRF
[] CSRF tokens and vulns
[] Clickjacking
[] CSP (content-security-policy)
[] SSRF
[] OS command injection
[] HTTP Host header attacks
[] Password reset poisoning (PortSwigger lab)
[] Routing-based SSRF
[] More here: https://portswigger.net/web-security/host-header/exploiting
[] HTTP request smuggling
[] Finding HTTP request smuggling vuln
[] Exploiting HTTP request smuggling
[] web cache poisoning
[] XXE
[] Exploiting XXE to retrieve files
[] Exploiting XXE to perform SSRF attacks
[] Exploiting blind XXE exfiltrate data out-of-band
[] Exploiting blind XXE to retrieve data via error messages
[] Open Redirect Vulnerability
[] SOP (same-origin-policy)
[] CORS (cross-origin resource sharing)
[] access control (authorization) vuln
[] IDOR
[] authentication
[] Parameter pollution
[] SSTI, Server-Side Template Injection (the attacker injects template syntax that the server evaluates; dangerous, often leads to RCE; classic example: Flask/Jinja2 rendering a template built from user input)
[] detect: submit special characters commonly used in template expressions, such as ${{<%[%'"}}%\, and check whether an exception is raised
[] identify: once template injection is suspected, identify the template engine (there are schematic decision tables for this)
[] exploit
[] WebSockets
[] Deserialization
[] DOM-based vulnerabilities
[] 2FA vulns
[] OAuth auth vuln
[] ...
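The SSTI detect/identify steps above, worked through as an added example (this is not code from the gist). It follows the commonly published decision tree (`${7*7}` first, then `{{7*7}}`, then the disambiguating probes `a{*comment*}b`, `${"z".join("ab")}` and `{{7*'7'}}`). The `fake_target` responses are constructed fixtures standing in for a page that reflects a `name` parameter through a template; `http_sender` is the hypothetical real-world sender and is not used by the self-test.

```python
"""SSTI detect/identify helper (added example, not part of the original gist).

The decision tree is the widely circulated one (PortSwigger / PayloadsAllTheThings):
  ${7*7}  evaluated -> a{*comment*}b -> "ab"  => Smarty
                    -> ${"z".join("ab")} -> "zab" => Mako
  {{7*7}} evaluated -> {{7*'7'}} -> "7777777" => Jinja2 (Python repeats the string)
                                 -> "49"      => Twig   (PHP coerces '7' to a number)
"""
from typing import Callable, Optional
from urllib.error import HTTPError
from urllib.parse import urlencode
from urllib.request import urlopen

Sender = Callable[[str], str]  # payload -> response body

# Step 1 (detect): characters with special meaning in most template syntaxes.
FUZZ = "${{<%[%'\"}}%\\"


def detect(send: Sender) -> bool:
    """True if the fuzz string is not reflected verbatim.

    An error page / exception text, or a body in which the braces were
    consumed, means something parsed the input as template syntax.
    """
    return FUZZ not in send(FUZZ)


def _evaluated(body: str, payload: str, expected: str) -> bool:
    # The engine evaluated the probe if the result is present and the raw probe is not.
    return expected in body and payload not in body


def identify(send: Sender) -> Optional[str]:
    """Step 2 (identify): walk the decision tree. None = no evaluation observed."""
    if _evaluated(send("${7*7}"), "${7*7}", "49"):
        if _evaluated(send("a{*comment*}b"), "a{*comment*}b", "ab"):
            return "Smarty"
        if _evaluated(send('${"z".join("ab")}'), '${"z".join("ab")}', "zab"):
            return "Mako"
        return "Unknown (${...} evaluated)"
    if _evaluated(send("{{7*7}}"), "{{7*7}}", "49"):
        body = send("{{7*'7'}}")
        if "7777777" in body:
            return "Jinja2"
        if "49" in body:
            return "Twig"
        return "Unknown ({{...}} evaluated)"
    return None


def http_sender(url: str, param: str) -> Sender:
    """Hypothetical real sender: GET url?param=<payload>, returning 5xx bodies too."""
    def send(payload: str) -> str:
        try:
            with urlopen(f"{url}?{urlencode({param: payload})}", timeout=10) as resp:
                return resp.read().decode(errors="replace")
        except HTTPError as err:
            return err.read().decode(errors="replace")
    return send


def fake_target(engine: Optional[str]) -> Sender:
    """Constructed stand-in for a page rendering 'Hello <name>' through a template.

    The per-engine outputs are fixtures written by hand for this example.
    Anything the engine would not evaluate is reflected unchanged.
    """
    rendered = {
        "Jinja2": {"{{7*7}}": "49", "{{7*'7'}}": "7777777"},
        "Twig":   {"{{7*7}}": "49", "{{7*'7'}}": "49"},
        "Smarty": {"${7*7}": "$49", "a{*comment*}b": "ab"},
        "Mako":   {"${7*7}": "49", '${"z".join("ab")}': "zab"},
    }
    table = rendered.get(engine or "", {})

    def send(payload: str) -> str:
        if table and payload == FUZZ:
            # constructed: a real engine chokes on the unbalanced delimiters
            return "500 Internal Server Error: TemplateSyntaxError"
        return "Hello " + table.get(payload, payload)
    return send


if __name__ == "__main__":
    for engine in ("Jinja2", "Twig", "Smarty", "Mako", None):
        target = fake_target(engine)
        print(f"{engine!s:7} detect={detect(target)} identify={identify(target)}")
```

Only after `identify` names an engine does the exploit step make sense, because the payload syntax for reading files or reaching RCE differs per engine. The Flask pattern to look for in source review is a template string that already contains the user value when it is rendered (string concatenation or f-string passed to `render_template_string`); the safe form passes the value as a template variable instead, so the engine treats it as data, not syntax.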
Last active: April 2, 2023 22:03