Attacks
What is an attack?
Attacks are the techniques that attackers use to exploit vulnerabilities in applications. Attacks are often confused with vulnerabilities: the attacks listed here describe something an attacker would do (their actions), whereas a vulnerability is a weakness in an application (a fault that could be exploited).
List of Attacks
- Abuse of Functionality by Colin Watson
- Binary Planting
- Blind SQL Injection
- Blind XPath Injection
- Brute Force Attack
- Buffer Overflow via Environment Variables
- Buffer Overflow Attack
- CORS OriginHeaderScrutiny
- CORS RequestPreflightScrutiny by Dominique RIGHETTO
- CSV Injection by Timo Goosen, Albinowax
- Cache Poisoning by Weilin Zhong, Rezos
- Cash Overflow by psiinon
- Clickjacking by Gustav Rydstedt
- Code Injection by Weilin Zhong, Rezos
- Command Injection by Weilin Zhong
- Comment Injection Attack by Weilin Zhong, Rezos
- Content Spoofing by Andrew Smith
- Credential stuffing by Neal Mueller
- Cross-User Defacement
- Cross Site Scripting (XSS) by KirstenS
- Cross Frame Scripting by Rezos, Justin Ludwig
- Cross Site History Manipulation (XSHM) by Adar Weidman
- Cross Site Tracing
- Cryptanalysis
- Custom Special Character Injection by Rezos
- Denial of Service by Nsrav
- Direct Dynamic Code Evaluation - Eval Injection
- Embedding Null Code by Nsrav
- Execution After Redirect (EAR) by Robert Gilbert (amroot)
- Forced browsing
- Form action hijacking by Robert Gilbert (amroot)
- Format string attack
- Full Path Disclosure
- Function Injection
- HTTP/2 Reset Attack by Vaibhav Malik
- HTTP Response Splitting
- LDAP Injection
- Log Injection
- Man-in-the-browser attack
- Manipulator-in-the-middle attack
- Mobile code invoking untrusted mobile code
- Mobile code non-final public field
- Mobile code object hijack
- Parameter Delimiter
- Password Spraying Attack by Rishu Ranjan
- Path Traversal
- Qrljacking
- RSQL Injection by David Utón (m3n0sd0n4ld)
- Reflected DOM Injection
- Regular expression Denial of Service - ReDoS by Adar Weidman
- Repudiation Attack
- Resource Injection
- Reverse Tabnabbing
- SQL Injection
- Server-Side Includes (SSI) Injection by Weilin Zhong, Nsrav
- Server Side Request Forgery by Eoftedal
- Session Prediction
- Session fixation by mwood
- Session hijacking attack
- Setting Manipulation
- Special Element Injection
- Spyware
- Traffic flood
- Trojan Horse
- Unicode Encoding
- Web Parameter Tampering
- Windows ::DATA Alternate Data Stream
- XPATH Injection
- XSRF
- XSS in Converting File Content to Text by Mohammad Reza Omrani
- XSS in subtitle by Mohammad MortazaviZade
- Cross Site Request Forgery (CSRF) by KirstenS
- IP Spoofing via HTTP Headers by Ahmadreza Parsizadeh
- Web Service Amplification Attack by Thomas Vissers