In this thread, I'll include all web hacking techniques and methods. The list is not provided by me. I just found it on my HDD. Credits go to whoever collected this information.

 

Parameter manipulation

 

[*] Arbitrary File Deletion

[*] Code Execution

[*] Cookie Manipulation ( meta http-equiv & crlf injection )

[*] CRLF Injection ( HTTP response splitting )

[*] Cross Frame Scripting ( XFS )

[*] Cross-Site Scripting ( XSS )

[*] Directory traversal

[*] Email Injection

[*] File inclusion

[*] Full path disclosure

[*] LDAP Injection

[*] PHP code injection

[*] PHP curl_exec() url is controlled by user

[*] PHP invalid data type error message

[*] PHP preg_replace used on user input

[*] PHP unserialize() used on user input

[*] Remote XSL inclusion

[*] Script source code disclosure

[*] Server-Side Includes (SSI) Injection

[*] SQL injection

[*] URL redirection

[*] XPath Injection vulnerability

[*] EXIF

[*] Buffer Overflows

[*] Clickjacking

[*] Dangling Pointers

[*] Format String Attack

[*] FTP Bounce Attack

[*] Symlinking

 

 

This list below fits in category MultiRequest parameter manipulation

 

[*] Blind SQL injection (timing)

[*] Blind SQL/XPath injection (many types)

 

 

This list below fits in category File checks

 

[*] 8.3 DOS filename source code disclosure

[*] Search for Backup files

[*] Cross Site Scripting in URI

[*] PHP super-globals-overwrite

[*] Script errors ( such as the Microsoft IIS Cookie Variable Information Disclosure )

 

 

This list below fits in category Directory checks

 

[*] Cross Site Scripting in path

[*] Cross Site Scripting in Referer

[*] Directory permissions ( mostly for IIS )

[*] HTTP Verb Tampering ( HTTP Verb POST & HTTP Verb WVS )

[*] Possible sensitive files

[*] Session fixation ( jsessionid & PHPSESSID session fixation )

[*] Vulnerabilities ( e.g. Apache Tomcat Directory Traversal, ASP.NET error message etc )

[*] WebDAV ( very vulnerable component of IIS servers )

 

This list below fits in category Text Search Disclosure

 

[*] Application error message

[*] Check for common files

[*] Directory Listing

[*] Email address found

[*] Local path disclosure

[*] Possible sensitive files

[*] Microsoft Office possible sensitive information

[*] Possible internal IP address disclosure

[*] Possible server path disclosure ( Unix and Windows )

[*] Possible username or password disclosure

[*] Sensitive data not encrypted

[*] Source code disclosure

[*] Trojan shell ( r57,c99,crystal shell etc )

[*] ( IF ANY ) WordPress database credentials disclosure

 

This list below fits in category File Uploads

 

[*] Unrestricted File Upload

 

This list below fits in category Authentication

 

[*] Microsoft IIS WebDAV Authentication Bypass

[*] SQL injection in the authentication header

[*] Weak Password

[*] GHDB - Google hacking database ( using dorks to find what Google crawlers have found like passwords etc )

 

This list below fits in category Web Services - Parameter manipulation & with multirequest

 

[*] Application Error Message ( testing with empty, NULL, negative, big hex etc )

[*] Code Execution

[*] SQL Injection

[*] XPath Injection

[*] Blind SQL/XPath injection ( test for numeric,string,number inputs etc )

[*] Stored Cross-Site Scripting ( XSS )

[*] Cross-Site Request Forgery ( CSRF )

 
