摘要:
#CSP Bypass(CSP 绕过) Content Security Policy (CSP) is used to define where scripts and other resources can be loaded or executed from. This module will 阅读全文
摘要:
#Weak Session IDs (弱会话) Knowledge of a session ID is often the only thing required to access a site as a specific user after they have logged in, if t 阅读全文
摘要:
#Cross Site Request Forgery (CSRF) CSRF is an attack that forces an end user to execute unwanted actions on a web application in which they are curren 阅读全文
摘要:
#XSS(Stored) "Cross-Site Scripting (XSS)" attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign a 阅读全文
摘要:
#XSS(Reflected) "Cross-Site Scripting (XSS)" attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benig 阅读全文
摘要:
#XSS(DOM) "Cross-Site Scripting (XSS)" attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and 阅读全文
摘要:
#SQL Injection (Blind) When an attacker executes SQL injection attacks, sometimes the server responds with error messages from the database server com 阅读全文
摘要:
#SQL Injection (SQL 注入) A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the applicati 阅读全文
摘要:
#File Upload(文件上传) Uploaded files represent a significant risk to web applications. The first step in many attacks is to get some code to the system t 阅读全文
摘要:
#File Inclusion(文件包含) Some web applications allow the user to specify input that is used directly into file streams or allows the user to upload files 阅读全文