Web Application Vulnerabilities 101 - Directory Traversal
Directory traversal aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and »
DVWA - File Inclusion
LFI & RFI are commonly found in poorly written PHP code, allows an attacker to include a local or remote PHP file into the webservers running »
CSRF - Cross Site Request Forgery
CSRF refers to an attack against authenticated web applications using Cookies wherein an attacker is able to trick a victim into making a request that the »
XSS - Cross Site Scripting
XSS in an input validation weakness which allows an attacker to inject a payload into a response from the application. When the payload can included HTML/ »
XXE - XML External Entity
The XML External Entity (XXE) attack is a type of attack against an application that parses XML input. An XXE attack typically occurs when XML input »
Unrestricted File Upload
Many web applications allow users to upload content. The content may be images, word documents, audio and video files etc. This upload facility however exposes a »