Preventing Path Traversal Vulnerabilities
By far the most effective means of eliminating path traversal vulnerabilities is to avoid passing user-submitted data to any file
Read moreTutorial
Finding and Exploiting Path Traversal Vulnerabilities
Path traversal vulnerabilities are often subtle and hard to detect, and it may be necessary to prioritize your efforts on
Read moreExploiting Path Traversal
Many kinds of functionality oblige a web application to read from or write to a file system on the basis
Read moreInjecting into LDAP
The Lightweight Directory Access Protocol (LDAP) is used for accessing directory services over a network. A directory is a hierarchically
Read moreInjecting into SMTP
Many applications contain a facility for users to submit messages via the application; for example, to report a problem to
Read moreInjecting into XPath
The XML Path Language (or XPath) is an interpreted language used for navigating around XML documents, and for retrieving data
Read moreInjecting into SOAP
The Simple Object Access Protocol (SOAP) is a message-based communications technology that uses the XML format to encapsulate data. It
Read moreFile Inclusion Vulnerabilities
Many scripting languages support the use of include files. This facility enables developers to place reusable code components into individual
Read moreInjecting into Web Scripting Languages
The core logic of most web applications is written in interpreted scripting languages like PHP, VBScript, and Perl. In addition
Read moreBypassing Filters
In some situations, an application that is vulnerable to SQL injection may implement various input filters that prevent you from
Read more