Web Vulnerabilities



Local Session Poisoning - Shared sessions


Code Execution

PHP include (PHP injection)  Remote Code Execution (RCE)


Cross-Site Scripting (XSS)  Global Variable Injection  HTTP Response Splitting  PHP include (PHP injection)  WWW-Authenticate Injection  XML External Entity (XXE)

Configuration Deficiencies

Directory Listing  Same-Site Scripting (SSS)

Session management

Clickjacking  Cross-Site Cooking  Cross-Site Request Forgery (CSRF)  Cross-Subdomain Cooking  Insufficient logout  Insufficient Session Expiration  Local Session Poisoning - Shared sessions 
Logout action availability  Session Brute Forcing  Session Donation  Session Fixation  Session ID Name Fingerprinting  Session Prediction  Session Stealing  Session token in URL 

Information Leakage

Apache MultiViews file discovery  Full Path Disclosure (FPD)  Microsoft IIS Tilde Enumeration  Too long cookie value  Content returned together with a redirect

Attacks Against Users

Blind Cross-Site Scripting  Browser Event Hijacking  Clickjacking  Cookiejacking  Cross-Site Request Forgery (CSRF)  Cross-Site Scripting (XSS)  Fake Applications in Browser  Fake Copy Content 
File From Frame hiJacking  HTTP Response Splitting  Open Redirect  Self Cross-Site Scripting  Mouse movement spying (IE)  Too long cookie value  Unitrix  WWW-Authenticate Injection

Input and Output Validation

Blind Cross-Site Scripting  Cross-Site Scripting (XSS)  HTTP Response Splitting  SQL injection  SQL Truncation  URL injection, Reflected URL



Lack of proper firmware protection—the firmware images are not protected, so an attacker could upload a malicious firmware version to the device and compromise it.

Cross-site scripting (XSS) flaws—both the LAN and WAN interfaces of the D-Link 850L RevA are vulnerable to “several trivial” XSS vulnerabilities, allowing an attacker “to use the XSS to target an authenticated user in order to steal the authentication cookies.”

Retrieve admin passwords—both the LAN and WAN interfaces of the D-Link 850L RevB are vulnerable: an attacker can retrieve the admin password and use the MyDLink cloud protocol to add the user’s router to the attacker’s account, gaining full access to the device.

Weak cloud protocol—both the D-Link 850L RevA and RevB are vulnerable. The MyDLink protocol works via a TCP tunnel that uses no encryption at all to protect communications between the victim’s router and the MyDLink account.

Backdoor access—D-Link 850L RevB routers have backdoor access via Alphanetworks, through which an attacker can get a root shell on the device.

Private keys hardcoded in the firmware—the private encryption keys are hardcoded in the firmware of both the D-Link 850L RevA and RevB. An attacker could extract them to perform man-in-the-middle attacks.

No authentication check—an attacker could alter the DNS settings of a D-Link 850L RevA router via non-authenticated HTTP requests and hijack the traffic.

Weak file permissions and credentials stored in cleartext—local files are exposed in both the D-Link 850L RevA and RevB, and credentials are stored in clear text.

Pre-authentication RCEs as root—the internal DHCP client running on D-Link 850L RevB routers is vulnerable to several command injection attacks, allowing attackers to gain root access on the affected devices.

Denial of Service (DoS) flaw—an attacker on the LAN could remotely crash some daemons running in both the D-Link 850L RevA and RevB, triggering DoS conditions.

API Abuse

An API is a contract between a caller and a callee. The most common forms of API abuse are caused by the caller failing to honor its end of this contract. For example, if a program fails to call chdir() after calling chroot(), it violates the contract that specifies how to change the active root directory in a secure fashion. Another good example of library abuse is expecting the callee to return trustworthy DNS information to the caller. In this case, the caller abuses the callee API by making certain assumptions about its behavior (that the return value can be used for authentication purposes). One can also violate the caller-callee contract from the other side. For example, if a coder subclasses SecureRandom and returns a non-random value, the contract is violated.
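The chroot()/chdir() contract described above, as an added example in C that is not from the original page. The helper name enter_jail, the sample path and the numeric ids are assumptions, and the privilege drop after the directory change goes beyond what the paragraph states.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes chroot() and setgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* enter_jail is a hypothetical helper name (assumption, not from the page).
 * It honors the caller's side of the chroot() contract: chroot() changes the
 * root directory but not the working directory, so the caller must chdir()
 * or the process keeps a working directory outside the new root.
 * Returns 0 on success, -1 on failure with errno set. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (dir == NULL || dir[0] != '/') {  /* reject NULL and relative paths */
        errno = EINVAL;
        return -1;
    }
    if (chdir(dir) != 0)                 /* 1. move into the future root */
        return -1;
    if (chroot(".") != 0)                /* 2. make it the root (needs privilege) */
        return -1;
    if (chdir("/") != 0)                 /* 3. the call the contract requires */
        return -1;
    /* 4. Drop privileges: supplementary groups, then group, then user.
     * Every return value is checked; an unchecked failure here would leave
     * the process running as root inside the new root. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed sample values: /var/empty and id 65534 are assumptions. */
    const char *dir = argc > 1 ? argv[1] : "/var/empty";
    if (enter_jail(dir, 65534, 65534) != 0) {
        fprintf(stderr, "enter_jail(%s): %s\n", dir, strerror(errno));
        return 1;
    }
    puts("inside new root, privileges dropped");
    return 0;
}
```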

Authentication Vulnerability

Authorization Vulnerability

Availability Vulnerability



Code Permission Vulnerability



Code Quality Vulnerability

Configuration Vulnerability



Cryptographic Vulnerability

Encoding Vulnerability



Environmental Vulnerability

Error Handling Vulnerability

General Logic Error Vulnerability

Input Validation Vulnerability

Logging and Auditing Vulnerability

Password Management Vulnerability

Path Vulnerability



Sensitive Data Protection Vulnerability

Session Management Vulnerability

Unsafe Mobile Code



Use of Dangerous API