Web vulnerabilities are security flaws that attackers exploit to gain unauthorized access, steal data, or disrupt services. These vulnerabilities often arise from improper input validation, weak authentication, misconfigurations, and insecure code practices. Some of the most frequent vulnerabilities include SQL Injection (SQLi), where attackers manipulate databases through unsanitized inputs; Cross-Site Scripting (XSS), where malicious scripts are injected into web pages; and Cross-Site Request Forgery (CSRF), which tricks users into executing unintended actions. Insecure authentication, Data exposure, and Broken access controls also pose significant threats. By understanding these vulnerabilities, we can easily check for bugs in bug bounty programs or try hacking into the system.
Here's a list of 100 most common web vulenrabilities which are helpful in bug bounty :
🐱 Injection Vulnerabilities:
1. SQL Injection (SQLi): A vulnerability that allows attackers to manipulate database queries through unvalidated user inputs, leading to unauthorized access or data leakage.
2. Cross-Site Scripting (XSS): Injects malicious scripts into web pages viewed by others, allowing attackers to steal session tokens, redirect users, or deface websites.
3. Cross-Site Request Forgery (CSRF): Tricks a user into unknowingly executing malicious actions on a web application where they are authenticated, such as changing passwords or making transactions.
4. Remote Code Execution (RCE): Allows attackers to remotely execute malicious code on a server, potentially gaining full control over the application or system.
5. Command Injection: Occurs when an attacker can inject system-level commands into a web application, leading to unauthorized command execution.
6. XML Injection: Alters XML data or queries, potentially allowing unauthorized access or manipulation of the backend server.
7. LDAP Injection: Exploits vulnerabilities in LDAP queries to inject malicious input, enabling unauthorized access to directories or systems.
8. XPath Injection: Manipulates XML XPath queries through user input to access sensitive data or bypass authentication.
9. HTML Injection: Injects malicious HTML code into a web application, which may alter the website's appearance or functionality.
10. Server-Side Includes (SSI) Injection: Allows attackers to inject or modify SSI directives in web applications, potentially executing arbitrary code.
11. OS Command Injection: Enables attackers to execute operating system commands through a vulnerable application, compromising the server.
12. Blind SQL Injection: Executes SQL queries where the attacker doesn't see the output but can infer details from system responses.
13. Server-Side Template Injection (SSTI): Injects malicious code into server-side templates, leading to unauthorized command execution or data exposure.
💻 Broken Authentication and Session Management:
14. Session Fixation: Forces a user to use a pre-determined session ID, allowing the attacker to hijack the session after login.
15. Brute Force Attack: Attempts to guess a password or encryption key by systematically trying all possible combinations.
16. Session Hijacking: Steals an active user session by capturing session tokens, allowing attackers to impersonate the user.
17. Password Cracking: Attempts to recover a password from stored data, often using dictionary attacks or brute force methods.
18. Weak Password Storage: Poorly stored passwords (e.g., unencrypted or using weak hashing) make it easier for attackers to steal and crack passwords.
19. Insecure Authentication: Weak or improperly implemented authentication mechanisms make it easy for attackers to gain unauthorized access.
20. Cookie Theft: Attackers steal session cookies through techniques like XSS to hijack user sessions.
21. Credential Reuse: Exploits users who reuse passwords across multiple platforms, enabling attackers to access several accounts if one is compromised.
🐱 Sensitive Data Exposure:
22. Inadequate Encryption: Insufficient encryption allows sensitive data to be intercepted and read by attackers.
23. Insecure Direct Object References (IDOR): Exposes internal objects like files or databases directly in URLs, allowing unauthorized access to sensitive data.
24. Data Leakage: Unintentionally exposes sensitive information through insecure APIs, logs, or error messages.
25. Unencrypted Data Storage: Storing sensitive data without encryption leaves it vulnerable to unauthorized access if breached.
26. Missing Security Headers: Lack of proper security headers exposes web applications to various attacks like XSS or clickjacking.
27. Insecure File Handling: Poor validation of uploaded files may allow attackers to upload malicious files, leading to server compromise.
💻 Security Misconfiguration:
28. Default Passwords: Failing to change default credentials leaves systems vulnerable to unauthorized access.
29. Directory Listing: Exposes the contents of web directories to users, potentially leaking sensitive information or files.
30. Unprotected API Endpoints: Lack of security around API endpoints allows unauthorized access or data manipulation.
31. Open Ports and Services: Exposing unnecessary ports or services creates additional entry points for attackers.
32. Improper Access Controls: Weak or non-existent access controls allow unauthorized users to access sensitive resources.
33. Information Disclosure: Accidentally revealing sensitive information through error messages or debug logs aids attackers in gathering intelligence.
34. Unpatched Software: Outdated software with known vulnerabilities exposes systems to exploitation.
35. Misconfigured CORS: Weak Cross-Origin Resource Sharing (CORS) policies may allow unauthorized cross-domain data access.
36. HTTP Security Headers Misconfiguration: Poorly configured security headers can expose web applications to attacks like XSS, clickjacking, or CSRF.
🔹 XML-Related Vulnerabilities:
37. XML External Entity (XXE) Injection: Exploits vulnerable XML parsers to extract local files or execute code on the server.
38. XML Entity Expansion (XEE): A Denial of Service (DoS) attack that leverages large, recursive XML payloads to exhaust system resources.
39. XML Bomb: Overloads an XML parser with a small but exponentially expanding payload, causing resource exhaustion and system crashes.
🐱 Broken Access Control:
40. Inadequate Authorization: Weak authorization controls allow users to access resources or perform actions they shouldn't have permission for.
41. Privilege Escalation: Allows attackers to gain higher-level privileges, such as administrative rights, on a system.
42. Insecure Direct Object References: Exposes sensitive internal objects, allowing attackers to access unauthorized resources directly.
43. Forceful Browsing: Manually navigating to unauthorized pages to gain access to restricted resources.
44. Missing Function-Level Access Control: Failing to enforce access controls on specific functions or APIs lets unauthorized users perform restricted actions.
💻 Insecure Deserialization:
45. Remote Code Execution via Deserialization: Maliciously crafted serialized objects are deserialized by the application, allowing attackers to execute arbitrary code on the server.
46. Data Tampering: Manipulating serialized data allows attackers to alter or inject malicious data, compromising the integrity of the system.
47. Object Injection: Occurs when an attacker manipulates serialized objects to execute unintended actions or gain access to restricted data.
🔹 API Security Issues:
48. Insecure API Endpoints: Poorly secured API endpoints allow unauthorized access to sensitive data or system functions.
49. API Key Exposure: Leaking API keys through insecure practices can allow attackers to access and manipulate data or perform actions on behalf of the legitimate user.
50. Lack of Rate Limiting: Failing to implement rate limiting allows attackers to launch brute-force attacks or overwhelm the server with excessive requests.
51. Inadequate Input Validation: Accepting unvalidated or poorly sanitized inputs leads to vulnerabilities like injection attacks or data manipulation through the API.
💻 Insecure Communication:
52. Man-in-the-Middle (MITM) Attack: Attackers intercept and alter communication between two parties, stealing sensitive data or injecting malicious content.
53. Insufficient Transport Layer Security: Using weak or outdated SSL/TLS configurations exposes communication to interception or manipulation.
54. Insecure SSL/TLS Configuration: Poorly configured SSL/TLS settings weaken the encryption, allowing attackers to intercept or decrypt sensitive data.
55. Insecure Communication Protocols: Outdated or insecure communication protocols (like HTTP instead of HTTPS) leave data vulnerable to interception.
🔸 Client-Side Vulnerabilities:
56. DOM-based XSS: JavaScript vulnerabilities within the Document Object Model (DOM) allow attackers to inject and execute malicious scripts on the client-side.
57. Insecure Cross-Origin Communication: Poor cross-origin resource sharing policies allow unauthorized domains to access sensitive data.
58. Browser Cache Poisoning: Manipulating the browser cache to serve malicious content instead of legitimate web pages.
59. Clickjacking: Embedding a web page in a hidden frame to trick users into performing unintended actions, such as clicking buttons or links.
60. HTML5 Security Issues: New features of HTML5 (like local storage, web workers, etc.) introduce security risks if not properly implemented, such as exposing sensitive data.
🐱 Denial of Service (DoS):
61. Distributed Denial of Service (DDoS): Overloading a server with a flood of requests from multiple sources, rendering the system inaccessible to legitimate users.
62. Application Layer DoS: Targets the application layer by exhausting resources like CPU or memory, disrupting the web service.
63. Resource Exhaustion: Drains critical system resources (e.g., CPU, memory) by overwhelming the application, causing it to become unresponsive.
64. Slowloris Attack: Slowly opens connections to the server, preventing it from accepting legitimate connections, effectively causing a DoS.
65. XML Denial of Service: Exploits vulnerabilities in XML parsing by sending large or malformed XML payloads, consuming server resources.
🔹 Other Web Vulnerabilities:
66. Server-Side Request Forgery (SSRF): Exploits vulnerabilities to send requests to unintended internal resources, potentially accessing sensitive data or performing unauthorized actions.
67. HTTP Parameter Pollution (HPP): Manipulates HTTP requests by injecting multiple parameters into a single request, leading to unexpected behavior or security issues.
68. Insecure Redirects and Forwards: Poor validation of redirects and forwards allows attackers to send users to malicious websites.
69. File Inclusion Vulnerabilities: Allows attackers to include unauthorized files, leading to remote code execution or disclosure of sensitive information.
70. Security Header Bypass: Exploits weak or missing security headers, allowing attackers to bypass protections like X-Frame-Options or Content-Security-Policy.
71. Clickjacking: (Duplicate from #59) Embeds a legitimate web page in a hidden frame to trick users into performing actions they're unaware of.
72. Inadequate Session Timeout: Sessions remain active for too long, allowing attackers to hijack them if a user leaves a session open.
73. Insufficient Logging and Monitoring: Failing to log and monitor critical events leaves attacks undetected and limits the ability to respond to incidents effectively.
74. Business Logic Vulnerabilities: Flaws in the design of application logic allow attackers to exploit intended functionality for malicious purposes.
75. API Abuse: Exploiting APIs for unintended purposes, such as scraping sensitive data or launching denial-of-service attacks.
💻 Mobile Web Vulnerabilities:
76. Insecure Data Storage on Mobile Devices: Storing sensitive data insecurely on mobile devices leaves it vulnerable to theft or tampering if the device is compromised.
77. Insecure Data Transmission on Mobile Devices: Failing to secure communication channels on mobile devices exposes data to interception or tampering.
78. Insecure Mobile API Endpoints: Weakly secured API endpoints in mobile applications allow attackers to access or manipulate sensitive data.
79. Mobile App Reverse Engineering: Attackers can decompile mobile apps to discover vulnerabilities, hardcoded secrets, or sensitive data.
🔸 IoT Web Vulnerabilities:
80. Insecure IoT Device Management: Poorly configured or unmanaged IoT devices can be compromised, leading to unauthorized access or control.
81. Weak Authentication on IoT Devices: IoT devices often use weak or default credentials, allowing attackers to gain unauthorized access.
82. IoT Device Vulnerabilities: IoT devices frequently have unpatched vulnerabilities, making them easy targets for attacks.
💻 Web of Things (WoT) Vulnerabilities:
83. Unauthorized Access to Smart Homes: Weak security on smart home devices allows attackers to gain unauthorized control or access to private networks.
84. IoT Data Privacy Issues: Insufficient data protection measures for IoT devices expose sensitive data, leading to privacy violations.
🔹 Authentication Bypass:
85. Insecure "Remember Me" Functionality: Poorly implemented "Remember Me" features store authentication tokens insecurely, allowing attackers to hijack user sessions.
86. CAPTCHA Bypass: Weak or poorly implemented CAPTCHA mechanisms can be bypassed, allowing bots to exploit web services or abuse resources.
🔸 Server-Side Request Forgery (SSRF):
87. Blind SSRF: Sends requests to internal services without the attacker seeing the response, but it can still infer information from other system behavior.
88. Time-Based Blind SSRF: A variation of blind SSRF where the attacker observes response times to infer sensitive information about internal services.
💻 Content Spoofing:
89. MIME Sniffing: Exploits browsers' content-type detection to execute malicious content or scripts.
90. X-Content-Type-Options Bypass: Circumvents browser security features designed to prevent MIME-type confusion, enabling the execution of unauthorized scripts.
91. Content Security Policy (CSP) Bypass: Exploits weaknesses in CSP configurations to execute scripts or load malicious content.
🔸 Business Logic Flaws:
92. Inconsistent Validation: Different parts of an application apply inconsistent validation, allowing attackers to bypass restrictions.
93. Race Conditions: Multiple concurrent actions lead to unexpected behavior, often exploited to bypass controls or manipulate data.
94. Order Processing Vulnerabilities: Flaws in how orders are processed allow attackers to manipulate prices, quantities, or other aspects of transactions.
95. Price Manipulation: Exploits flaws in pricing mechanisms to change product prices or discounts in an unauthorized manner.
96. Account Enumeration: Reveals whether an account exists by sending different responses based on the presence or absence of an account.
97. User-Based Flaws: Exploits weaknesses in how the system handles different users, leading to unauthorized actions or information disclosure.
🔹 Zero-Day Vulnerabilities:
98. Unknown Vulnerabilities: Vulnerabilities that are not publicly known or disclosed, often targeted by attackers before a fix is available.
99. Unpatched Vulnerabilities: Vulnerabilities with publicly available fixes or patches that remain unpatched, leaving systems exposed.
100. Day-Zero Exploits: Exploits targeting vulnerabilities that are disclosed but remain unpatched, often leading to widespread attacks.
Thankyou
ReplyDelete