Web vulnerabilities

Authentication

Local Session Poisoning - Shared sessions

Authorization

Code Execution

PHP include (PHP injection)
Remote Code Execution (RCE)

Injection

Cross-Site Scripting (XSS)
Global Variable Injection
HTTP Response Splitting
PHP include (PHP injection)
WWW-Authenticate Injection
XML External Entity (XXE)

Configuration weaknesses

Directory Listing
Same-Site Scripting (SSS)

Session management

Clickjacking
Cross-Site Cooking
Cross-Site Request Forgery (CSRF)
Cross-Subdomain Cooking
Insufficient logout
Insufficient Session Expiration
Local Session Poisoning - Shared sessions
Logout action availability
Session Brute Forcing
Session Donation
Session Fixation
Session ID Name Fingerprinting
Session Prediction
Session Stealing
Session token in URL

Information disclosure

Apache MultiViews file discovery
Full Path Disclosure (FPD)
Microsoft IIS Tilde Enumeration
Too long cookie value
Content returned together with a redirect

Attacks against users

Blind Cross-Site Scripting
Browser Event Hijacking
Clickjacking
Cookiejacking
Cross-Site Request Forgery (CSRF)
Cross-Site Scripting (XSS)
Fake Applications in Browser
Fake Copy Content
File From Frame hiJacking
HTTP Response Splitting
Open Redirect
Self Cross-Site Scripting
Mouse-movement spying (IE)
Too long cookie value
Unitrix
WWW-Authenticate Injection

Input and output validation

Blind Cross-Site Scripting
Cross-Site Scripting (XSS)
HTTP Response Splitting
SQL injection
SQL Truncation
URL injection, Reflected URL


---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Lack of proper firmware protection—the firmware images are not protected, so an attacker could upload a malicious firmware version to the device and compromise it.

Cross-site scripting (XSS) flaws—both the LAN and WAN interfaces of the D-Link 850L RevA are vulnerable to “several trivial” XSS vulnerabilities, allowing an attacker “to use the XSS to target an authenticated user in order to steal the authentication cookies.”

Retrieval of admin passwords—both the LAN and WAN interfaces of the D-Link 850L RevB are vulnerable; an attacker can retrieve the admin password and use the MyDLink cloud protocol to add the user’s router to the attacker’s account, gaining full access to the device.

Weak cloud protocol—both the D-Link 850L RevA and RevB are vulnerable. The MyDLink protocol works over a TCP tunnel that uses no encryption at all to protect communications between the victim’s router and the MyDLink account.

Backdoor access—D-Link 850L RevB routers have backdoor access via Alphanetworks; an attacker can get a root shell on the device.

Private keys hardcoded in the firmware—the private encryption keys are hardcoded in the firmware of both the D-Link 850L RevA and RevB. An attacker could extract them to perform man-in-the-middle attacks.
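The hardcoded-key finding above is one a defender can check for directly: a firmware image is just a byte blob, and PEM-encoded private keys carry distinctive header and footer lines. The scanner below is an added example, not code from the article or from D-Link; it reports the offset, key type and encryption state of every PEM private-key block in an image. The sample image is constructed inline, and its base64 bodies are placeholders rather than real key material.

```python
"""Scan a firmware image for embedded PEM-encoded private keys.

Added example (not from the original article or from D-Link): given a
firmware image as bytes, report every PEM private-key block found, with
its byte offset and key type. Encrypted blocks are flagged separately,
since the passphrase is usually hardcoded in the same image anyway.
"""
import re

# Header/footer pairs for the private-key variants commonly seen in
# firmware. The body is matched lazily up to the matching footer so each
# block is reported once with its exact extent.
_PEM_KEY_RE = re.compile(
    rb"-----BEGIN (RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----"
    rb"(?P<body>.*?)"
    rb"-----END (?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----",
    re.DOTALL,
)


def find_private_keys(image: bytes) -> list:
    """Return (offset, key_type, encrypted) tuples for each PEM private key.

    key_type is the label from the header (e.g. "RSA"), or "PKCS8" for an
    unlabelled "PRIVATE KEY" / "ENCRYPTED PRIVATE KEY" block.
    """
    findings = []
    for m in _PEM_KEY_RE.finditer(image):
        label = (m.group(1) or b"").strip().decode("ascii")
        # PKCS#8 encrypted blocks say so in the header; legacy PEM blocks
        # carry a "Proc-Type: 4,ENCRYPTED" line inside the body instead.
        encrypted = label == "ENCRYPTED" or b"Proc-Type: 4,ENCRYPTED" in m.group("body")
        key_type = "PKCS8" if label in ("", "ENCRYPTED") else label
        findings.append((m.start(), key_type, encrypted))
    return findings


def scan_report(image: bytes) -> list:
    """One human-readable line per finding."""
    lines = []
    for offset, key_type, encrypted in find_private_keys(image):
        state = "encrypted (check the image for the passphrase)" if encrypted else "UNENCRYPTED"
        lines.append("offset 0x%08x: %s private key, %s" % (offset, key_type, state))
    return lines


# Constructed sample "firmware": padding, a file-name string, one plaintext
# RSA key block and one encrypted PKCS#8 block. The key bodies are
# placeholders, not real keys.
SAMPLE_IMAGE = (
    b"\x00" * 512
    + b"/etc/ssl/server.key\x00"
    + b"-----BEGIN RSA PRIVATE KEY-----\n"
    + b"MIIEowIBAAKCAQEAplaceholderplaceholderplaceholder\n"
    + b"-----END RSA PRIVATE KEY-----\n"
    + b"\xff" * 1024
    + b"-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
    + b"MIIFHDBOBgkqhkiG9w0BBQ0wQTApplaceholderplaceholder\n"
    + b"-----END ENCRYPTED PRIVATE KEY-----\n"
    + b"\x00" * 256
)

if __name__ == "__main__":
    # Run against the constructed sample; for a real image use
    # find_private_keys(open(path, "rb").read()).
    for line in scan_report(SAMPLE_IMAGE):
        print(line)
```

The scan works on the raw image, so it finds keys only where the containing filesystem is stored uncompressed; for a SquashFS or compressed section, extract it first and scan the extracted tree. A key reported as unencrypted is exactly the condition the article describes: anyone with the image has the TLS or SSH identity of every device shipped with it.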

No authentication check—an attacker could alter the DNS settings of a D-Link 850L RevA router via unauthenticated HTTP requests and hijack its traffic.

Weak file permissions and credentials stored in cleartext—local files are exposed on both the D-Link 850L RevA and RevB, and credentials are stored in clear text.

Pre-authentication RCE as root—the internal DHCP client running on D-Link 850L RevB routers is vulnerable to several command injection attacks, allowing attackers to gain root access on the affected devices.
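Command injection in an embedded DHCP client almost always has the same shape: a value supplied by the DHCP server is spliced into a shell command that the client runs as root to apply the lease. The example below is added here and is not code from the article or from D-Link's client; it assumes, for illustration, that the injected value is the host-name option and that the client applies it by running `hostname`. The vulnerable builder returns the shell string it would have executed (so the injection is visible without running anything), and the hardened version validates the value as an RFC 1123 hostname and builds an argv list for `shell=False` execution, so no shell ever parses server-controlled text.

```python
"""Safe handling of a DHCP-supplied value before it reaches the system.

Added example (not from the original article or from D-Link's DHCP client).
Assumption for illustration: the client takes the DHCP host-name option
and applies it with the `hostname` command. The same pattern applies to
any lease value (domain name, NTP server, boot file) that ends up in a
command line or a config file.
"""
import re

# RFC 1123 label: 1-63 alphanumerics or hyphens, no leading/trailing hyphen.
_LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_valid_hostname(name: str) -> bool:
    """Allow-list check: only a syntactically valid hostname passes."""
    if not name or len(name) > 253:
        return False
    return all(_LABEL_RE.match(label) for label in name.split("."))


def vulnerable_command(dhcp_hostname: str) -> str:
    """The unsafe pattern: concatenate the lease value into a shell command.

    Returned rather than executed so the injection can be inspected. Any
    shell metacharacter in the option value becomes part of the command.
    """
    return "hostname " + dhcp_hostname


def hardened_argv(dhcp_hostname: str) -> list:
    """Validate first, then build an argv list for subprocess.run(argv)
    with shell=False. The value is a single argument, never shell text.

    Raises ValueError for anything that is not a plain hostname, which is
    the correct response to a hostile or malformed DHCP server.
    """
    if not is_valid_hostname(dhcp_hostname):
        raise ValueError("rejected DHCP host-name option: %r" % dhcp_hostname)
    return ["hostname", dhcp_hostname]


if __name__ == "__main__":
    # Constructed option values: one ordinary, one carrying a shell
    # metacharacter with a harmless payload to make the injection visible.
    for value in ("lab01.example", "lab; echo injected"):
        print("option value :", repr(value))
        print("  unsafe cmd :", vulnerable_command(value))
        try:
            print("  safe argv  :", hardened_argv(value))
        except ValueError as exc:
            print("  safe argv  : REJECTED,", exc)
```

Two points carry over to real clients: validation is an allow-list (what a hostname may contain), not a deny-list of metacharacters, and the value is passed as one argv element rather than quoted into a string. Quoting alone is fragile because every shell and every downstream script has its own set of characters to escape.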

Denial of service (DoS) flaw—an attacker could remotely crash some daemons running on both the D-Link 850L RevA and RevB via the LAN, triggering DoS conditions.