HTTP Header Injection
HTTP header injection vulnerabilities arise when user-controllable data is inserted in an unsafe manner into an HTTP header returned by
Read moreWebsite
Attacking Other Users
The majority of interesting attacks against web applications involve targeting the server-side application itself. Many of these attacks do of course
Read moreAvoiding Logic Flaws
Just as there is no unique signature by which logic flaws in web applications can be identified, there is also
Read moreReal-World Logic Flaws
The best way to learn about logic flaws is not by theorizing, but through acquaintance with some actual examples. Although
Read moreAttacking Application Logic
All web applications employ logic in order to deliver their functionality. Writing code in a programming language involves at its
Read morePreventing Path Traversal Vulnerabilities
By far the most effective means of eliminating path traversal vulnerabilities is to avoid passing user-submitted data to any file
Read moreFinding and Exploiting Path Traversal Vulnerabilities
Path traversal vulnerabilities are often subtle and hard to detect, and it may be necessary to prioritize your efforts on
Read moreExploiting Path Traversal
Many kinds of functionality oblige a web application to read from or write to a file system on the basis
Read moreInjecting into LDAP
The Lightweight Directory Access Protocol (LDAP) is used for accessing directory services over a network. A directory is a hierarchically
Read moreInjecting into SMTP
Many applications contain a facility for users to submit messages via the application; for example, to report a problem to
Read more