Jump to content

Recommended Posts

Posted

 

In this thread, I'll include all web hacking techniques and methods. The list is not provided by me. I just found it on my HDD. Credits go to whoever collected this information.

 

Parameter manipulation

 

[*] Arbitary File Deletion

[*] Code Execution

[*] Cookie Manipulation ( meta http-equiv & crlf injection )

[*] CRLF Injection ( HTTP response splitting )

[*] Cross Frame Scripting ( XFS )

[*] Cross-Site Scripting ( XSS )

[*] Directory traversal

[*] Email Injection

[*] File inclusion

[*] Full path disclosure

[*] LDAP Injection

[*] PHP code injection

[*] PHP curl_exec() url is controlled by user

[*] PHP invalid data type error message

[*] PHP preg_replace used on user input

[*] PHP unserialize() used on user input

[*] Remote XSL inclusion

[*] Script source code disclosure

[*] Server-Side Includes (SSI) Injection

[*] SQL injection

[*] URL redirection

[*] XPath Injection vulnerability

[*] EXIF

[*]Buffer Overflows

[*]Clickjacking

[*]Dangling Pointers

[*]Format String Attack

[*]FTP Bounce Attack

[*]Symlinking

 

 

This list below fits in category MultiRequest parameter manipulation

 

[*] Blind SQL injection (timing)

[*] Blind SQL/XPath injection (many types)

 

 

This list below fits in category File checks

 

[*] 8.3 DOS filename source code disclosure

[*] Search for Backup files

[*] Cross Site Scripting in URI

[*] PHP super-globals-overwrite

[*] Script errors ( such as the Microsoft IIS Cookie Variable Information Disclosure )

 

 

This list below fits in category Directory checks

 

[*] Cross Site Scripting in path

[*] Cross Site Scripting in Referer

[*] Directory permissions ( mostly for IIS )

[*] HTTP Verb Tampering ( HTTP Verb POST & HTTP Verb WVS )

[*] Possible sensitive files

[*] Session fixation ( jsessionid & PHPSESSID session fixation )

[*] Vulnerabilities ( e.g. Apache Tomcat Directory Traversal, ASP.NET error message etc )

[*] WebDAV ( very vulnerable component of IIS servers )

 

This list below fits in category Text Search Disclosure

 

[*] Application error message

[*] Check for common files

[*] Directory Listing

[*] Email address found

[*] Local path disclosure

[*] Possible sensitive files

[*] Microsoft Office possible sensitive information

[*] Possible internal IP address disclosure

[*] Possible server path disclosure ( Unix and Windows )

[*] Possible username or password disclosure

[*] Sensitive data not encrypted

[*] Source code disclosure

[*] Trojan shell ( r57,c99,crystal shell etc )

[*] ( IF ANY )Wordpress database credentials disclosure

 

This list below fits in category File Uploads

 

[*] Unrestricted File Upload

 

This list below fits in category Authentication

 

[*] Microsoft IIS WebDAV Authentication Bypass

[*] SQL injection in the authentication header

[*] Weak Password

[*] GHDB - Google hacking database ( using dorks to find what google crawlers have found like passwords etc )

 

This list below fits in category Web Services - Parameter manipulation & with multirequest

 

[*] Application Error Message ( testing with empty, NULL, negative, big hex etc )

[*] Code Execution

[*] SQL Injection

[*] XPath Injection

[*] Blind SQL/XPath injection ( test for numeric,string,number inputs etc )

[*] Stored Cross-Site Scripting ( XSS )

[*] Cross-Site Request Forgery ( CSRF )

 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Posts

    • Looks like somebody discovered AI recently
    • Added: Server monitoring has been added to the protection dashboard, available for Premium+ plans. Each entry displays: Account — game login. HWID — hardware ID. GSID — the game server the entry belongs to. IP — the player's address. Country — determined by IP, with flag and name. Useful for SEO promotion, do you know where more players come from Status — "Banned" or "OK". Extra windows — how many additional windows are allowed for this HWID beyond the global limit. Last seen — time of last activity.   At the top — a summary: total entries, number banned, time of the last report, and an Online/Offline indicator (based on how fresh the data from the protection is).   Filters and search Search by account, HWID, or IP. Country — select from countries actually present in the data. Game server (GS) — filter by GSID. Period — by last activity date (from / to). Banned only — quick filter for violators. Grouping — collapse data by HWID, IP, or account: one row per key with counts of accounts/HWIDs/IPs and number of entries. Handy for catching multi-accounters (many accounts from one HWID) and suspicious IPs.   Ban / Unban — banning by HWID blocks all accounts on that hardware. The protection will pick up the command within a minute; until applied, a "Pending…" status is shown. Grant windows — set additional windows (+N) for a specific HWID via a convenient selector. Single token per account to link the protection with the dashboard: Generate / Reissue token in one click. Show token — view the current value at any time. The token is stored encrypted. Don't share it with anyone — if compromised, simply reissue it and the old one stops working immediately. In the protection config, you can enable monitoring, insert the token, and change how often data is sent to the protection dashboard.
  • Topics

×
×
  • Create New...

Important Information

This community uses essential cookies to function properly. Non-essential cookies and third-party services are used only with your consent. Read our Privacy Policy and We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue..