باگ وباگ وبسایت هابسایت ها

سلام و درود خدمت کاربران عزیز سایبر اسپیریت. در این پست قرار هست که لیست کامل انواع باگ وبسایت ها که امکان داره در رخ بده رو معرفی کنیم.

باگ وبسایت ها

لیست کامل انواع باگ وبسایت ها

  • Arbitary File Deletion
  • Code Execution
  • (Cookie Manipulation (meta http-equiv & crlf injection
  • (CRLF Injection (HTTP response splitting
  • (Cross Frame Scripting (XFS
  • (Cross-Site Scripting (XSS
  • Directory traversal
  • Email Injection
  • File inclusion
  • Full path disclosure
  • LDAP Injection
  • PHP code injection
  • PHP curl_exec() url is controlled by user
  • PHP invalid data type error message
  • PHP preg_replace used on user input
  • PHP unserialize() used on user input
  • Remote XSL inclusion
  • Script source code disclosure
  • Server-Side Includes (SSI) Injection
  • SQL injection
  • URL redirection
  • XPath Injection vulnerability
  • EXIF
  • Blind SQL injection (timing)
  • (Blind SQL/XPath injection (many types
  • ۸٫۳ DOS filename source code disclosure
  • Search for Backup files
  • Cross Site Scripting in URI
  • PHP super-globals-overwrite
  • Script errors such as the Microsoft IIS Cookie Variable Information Disclosure

حمله های مشهور به حمله دیکشنری

  • Cross Site Scripting in path
  • Cross Site Scripting in Referer
  • (Directory permissions (mostly for IIS
  • (HTTP Verb Tampering (HTTP Verb POST & HTTP Verb WVS
  • Possible sensitive files
  • Possible sensitive files
  • (Session fixation (jsessionid & PHPSESSID session fixation
  • (Vulnerabilities (e.g. Apache Tomcat Directory Traversal, ASP.NET error message etc
  • (WebDAV (very vulnerable component of IIS servers

حمله های افشاء جستجو

  • Application error message
  • Check for common files
  • Directory Listing
  • Email address found
  • Local path disclosure
  • Possible sensitive files
  • Microsoft Office possible sensitive information
  • Possible internal IP address disclosure
  • (Possible server path disclosure (Unix and Windows
  • Possible username or password disclosure
  • Sensitive data not encrypted
  • Source code disclosure
  • (Trojan shell (r57,c99,crystal shell etc
  • ۹IF ANY )Wordpress database credentials disclosure)
پیشنهاد میکنیم این مقاله رو هم مطالعه کنید  امنیت در اینترنت و شبکه

اپلود فایل

  • Unrestricted File Upload

حمله های رایج

  • Microsoft IIS WebDAV Authentication Bypass
  • SQL injection in the authentication header
  • Weak Password
  • (GHDB – Google hacking database ( using dorks to find what google crawlers have found like passwords etc

حمله های وب و سرور

  • (Application Error Message (testing with empty, NULL, negative, big hex etc
  • Code Execution
  • SQL Injection
  • XPath Injection
  • (Blind SQL/XPath injection (test for numeric,string,number inputs etc
  • (Stored Cross-Site Scripting (XSS
  • (Cross-Site Request Forgery (CSRF