Ctrl + Shift + ESC
BeeBox Vulnerability List
A1. Injection
1. HTML Injection
- HTML Injection - Reflected (GET)
- HTML Injection - Reflected (POST)
- HTML Injection - Reflected (Current URL)
- HTML Injection - Stored (Blog)
2. Other Injection
- iframe Injection
- LDAP Injection (Search)
- Mail Header Injection (SMTP)
- OS Command Injection
- OS Command Injection - Blind
- PHP Code Injection
- Server-Side Includes (SSI) Injection
3. SQL Injection
- SQL Injection (GET/Search)
- SQL Injection (GET/Select)
- SQL Injection (POST/Search)
- SQL Injection (POST/Select)
- SQL Injection (AJAX/JSON/JQuery)
- SQL Injection (CAPTCHA)
- SQL Injection (Login Form/Hero)
- SQL Injection (Login Form/User)
- SQL Injection (SQLite)
- SQL Injection (Drupal)
- SQL Injection - Stored (Blog)
- SQL Injection - Stored (SQLite)
- SQL Injection - Stored (User-Agent)
- SQL Injection - Stored (XML)
4. Blind SQL Injection
- SQL Injection - Blind - Boolean-Based
- SQL Injection - Blind - Time-Based
- SQL Injection - Blind (SQLite)
- SQL Injection - Blind (Web Services/SOAP)
5. XML/XPath Injection
A2. Broken Auth. & Session Mgmt.
1. Broken Authentication
- Broken Authentication - CAPTCHA Bypassing
- Broken Authentication - Forgotten Function
- Broken Authentication - Insecure Login Forms
- Broken Authentication - Logout Management
- Broken Authentication - Password Attacks
- Broken Authentication - Weak Passwords
2. Session Management
- Session Management - Administrative Portals
- Session Management - Cookies (HTTPOnly)
- Session Management - Cookies (Secure)
- Session Management - Session ID in URL
- Session Management - Strong Sessions
A3. Cross-Site Scripting (XSS)
1. Cross-Site Scripting - Reflected
- Cross-Site Scripting - Reflected (GET)
- Cross-Site Scripting - Reflected (POST)
- Cross-Site Scripting - Reflected (JSON)
- Cross-Site Scripting - Reflected (AJAX/JSON)
- Cross-Site Scripting - Reflected (AJAX/XML)
- Cross-Site Scripting - Reflected (Back Button)
- Cross-Site Scripting - Reflected (Custom Header)
- Cross-Site Scripting - Reflected (Eval)
- Cross-Site Scripting - Reflected (HREF)
- Cross-Site Scripting - Reflected (Login Form)
- Cross-Site Scripting - Reflected (phpMyAdmin)
- Cross-Site Scripting - Reflected (PHP_SELF)
- Cross-Site Scripting - Reflected (Referer)
- Cross-Site Scripting - Reflected (User-Agent)
2. Cross-Site Scripting - Stored
- Cross-Site Scripting - Stored (Blog)
- Cross-Site Scripting - Stored (Change Secret)
- Cross-Site Scripting - Stored (Cookies)
- Cross-Site Scripting - Stored (SQLiteManager)
- Cross-Site Scripting - Stored (User-Agent)
A4. Insecure Direct Object References
1. Insecure DOR
- Insecure DOR (Change Secret)
- Insecure DOR (Reset Secret)
- Insecure DOR (Order Tickets)
A5. Security Misconfiguration
- Arbitrary File Access (Samba)
- Cross-Domain Policy File (Flash)
- Cross-Origin Resource Sharing (AJAX)
- Cross-Site Tracing (XST)
- Denial-of-Service (Large Chunk Size)
- Denial-of-Service (Slow HTTP DoS)
- Denial-of-Service (SSL-Exhaustion)
- Denial-of-Service (XML Bomb)
- Insecure FTP Configuration
- Insecure SNMP Configuration
- Insecure WebDAV Configuration
- Local Privilege Escalation (sendpage)
- Local Privilege Escalation (udev)
- Man-in-the-Middle Attack (HTTP)
- Man-in-the-Middle Attack (SMTP)
- Old/Backup & Unreferenced Files
- Robots File
A6. Sensitive Data Exposure
- Base64 Encoding (Secret)
- BEAST/CRIME/BREACH Attacks
- Clear Text HTTP (Credentials)
- Heartbleed Vulnerability
- Host Header Attack (Reset Poisoning)
- HTML5 Web Storage (Secret)
- POODLE Vulnerability
- SSL 2.0 Deprecated Protocol
- Text Files (Accounts)
A7. Missing Functional Level Access Control
- Directory Traversal - Directories
- Directory Traversal - Files
- Host Header Attack (Cache Poisoning)
- Host Header Attack (Reset Poisoning)
- Local File Inclusion (SQLiteManager)
- Remote & Local File Inclusion (RFI/LFI)
- Restrict Device Access
- Restrict Folder Access
- Server Side Request Forgery (SSRF)
- XML External Entity Attacks (XXE)
A8. Cross-Site Request Forgery (CSRF)
- Cross-Site Request Forgery (Change Password)
- Cross-Site Request Forgery (Change Secret)
- Cross-Site Request Forgery (Transfer Amount)
A9. Using Known Vulnerable Components
- Buffer Overflow (Local)
- Buffer Overflow (Remote)
- Drupal SQL Injection (Drupageddon)
- Heartbleed Vulnerability
- PHP CGI Remote Code Execution
- PHP Eval Function
- phpMyAdmin BBCode Tag XSS
- Shellshock Vulnerability (CGI)
- SQLiteManager Local File Inclusion
- SQLiteManager PHP Code Injection
- SQLiteManager XSS
A10. Unvalidated Redirects & Forwards
- Unvalidated Redirects & Forwards (1)
- Unvalidated Redirects & Forwards (2)
Other bugs...
- ClickJacking (Movie Tickets)
- Client-Side Validation (Password)
- HTTP Parameter Pollution
- HTTP Response Splitting
- HTTP Verb Tampering
- Information Disclosure - Favicon
- Information Disclosure - Headers
- Information Disclosure - PHP version
- Information Disclosure - Robots File
- Insecure iFrame (Login Form)
- Unrestricted File Upload
Extras
- A.I.M. - No-authentication Mode
- Client Access Policy File
- Cross-Domain Policy File
- Evil 666 Fuzzing Page
- Manual Intervention Required!
- Unprotected Admin Portal
- We Steal Secrets... (html)
- We Steal Secrets... (plain)
- WSDL File (Web Services/SOAP)