☠️Web Vulnerability List

If You finish the OWASP top 10 list before ,It's time to learn some advance stuffs.

1. Insecure CORS Misconfiguration

2. Clickjacking (UI Redressing Attack)

3. Cross Site Scripting (XSS)

4. Cross Site Request Forgery (CSRF)

5. Broken Authentication

6. Insecure Direct Object References (IDOR)

7. Subdomain Takeover

8. Authentication Bypass

9. Cryptographic Failures

10. Local File Inclusion (LFI)

11. Remote File Inclusion (RFI)

12. 2FA Related issues

13. Server-side Template Injection (SSTI)

14. Denial of Service (DOS)

15. Race Condition

16. XML External Entities (XXE)

17. Server Side Request Forgery (SSRF)

18. Command Injection

    • Basic Command Injection

    • Blind Command Injection

19. SQL Injection

    • CLassic SQL Injection

    • Blind SQL Injection

      • Boolean-Based Blind SQL Injection

      • Time-Based Blind SQL Injection

    • Error-Based SQL Injection

    • Union-Based SQL Injection

    • Out-of-Band SQL Injection

20. Remote Code Execution (RCE)

21. NoSQL Injection

22. CRLF Injection

23. Open Redirect

24. Parameter Pollution

25. OAuth to Account Takeover