OWASP Top-25 Parameters

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon

What is top25-parameter 🧙⚔️

For basic researches, top 25 vulnerable parameters based on frequency of use with reference to various articles. These parameters can be used for automation tools or manual recon. Although the prevalence percentages of these parameters cannot be proven precisely, they were prepared by the TR Bug Hunters Community, which I founded, and myself.

This repo contains common parameters of the following vulnerabilities:

ToC

Cross-Site Scripting
Server-Side Request Forgery
Local File Inclusion
SQL Injection
Remote Code Execution
Open Redirect

Top 25 Cross-Site Scripting (XSS) Parameters

Top 25 Server-Side Request Forgery (SSRF) Parameters

Top 25 Local File Inclusion (LFI) Parameters

Top 25 SQL Injection Parameters

Top 25 Remote Code Execution (RCE) Parameters [GET based]

Top 25 Open Redirect Parameters [GET based]

How can I contact you?

To report issues or make suggestions for the Top-25 Parameters, please use GitHub Issues.

For everything else, we’re easy to answer your e-mail :

Send an e-mail to lutfu.mertceylan[at]owasp.org
Send an e-mail to info[at]lutfumertceylan.com.tr

You can @ us on Twitter @lutfumertceylan & @TR Bug Hunters.

Watch Star