Attacks
What is an attack?
Attacks are the techniques that attackers use to exploit vulnerabilities in applications. Attacks are often confused with vulnerabilities, so please be sure that the attack you are describing is something that an attacker would do, rather than a weakness in an application.
List of Attacks
- Binary Planting
- Blind SQL Injection
- Blind XPath Injection
- Brute Force Attack
- Buffer Overflow via Environment Variables
- Buffer Overflow Attack
- CORS OriginHeaderScrutiny
- CORS RequestPreflightScrutiny by Dominique RIGHETTO
- CSV Injection by Timo Goosen, Albinowax
- Cache Poisoning by Weilin Zhong, Rezos
- Cash Overflow by psiinon
- Clickjacking by Gustav Rydstedt
- Code Injection by Weilin Zhong, Rezos
- Command Injection by Weilin Zhong
- Comment Injection Attack by Weilin Zhong, Rezos
- Content Spoofing by Andrew Smith
- Credential stuffing by Neal Mueller
- Cross-User Defacement
- Cross Site Scripting (XSS) by KirstenS
- Cross Frame Scripting by Rezos, Justin Ludwig
- Cross Site History Manipulation (XSHM) by Adar Weidman
- Cross Site Tracing
- Cryptanalysis
- Custom Special Character Injection by Rezos
- Denial of Service by Nsrav
- Direct Dynamic Code Evaluation - Eval Injection
- Embedding Null Code by Nsrav
- Execution After Redirect (EAR) by Robert Gilbert (amroot)
- Forced browsing
- Form action hijacking by Robert Gilbert (amroot)
- Format string attack
- Full Path Disclosure
- Function Injection
- HTTP Response Splitting
- LDAP Injection
- Log Injection
- Man-in-the-browser attack
- Manipulator-in-the-middle attack
- Mobile code invoking untrusted mobile code
- Mobile code non-final public field
- Mobile code object hijack
- Parameter Delimiter
- Password Spraying Attack by Rishu Ranjan
- Path Traversal
- Qrljacking
- Reflected DOM Injection
- Regular expression Denial of Service - ReDoS by Adar Weidman
- Repudiation Attack
- Resource Injection
- Reverse Tabnabbing
- SQL Injection
- Server-Side Includes (SSI) Injection by Weilin Zhong, Nsrav
- Server Side Request Forgery by Eoftedal
- Session Prediction
- Session fixation by mwood
- Session hijacking attack
- Setting Manipulation
- Special Element Injection
- Spyware
- Traffic flood
- Trojan Horse
- Unicode Encoding
- Web Parameter Tampering
- Windows ::DATA Alternate Data Stream
- XPATH Injection
- XSRF
- XSS in Converting File Content to Text by Mohammad Reza Omrani
- XSS in subtitle by Mohammad MortazaviZade
- Cross Site Request Forgery (CSRF) by KirstenS
- IP Spoofing via HTTP Headers by Ahmadreza Parsizadeh
- Web Service Amplification Attack by Thomas Vissers