Alternate XSS Syntax Description Cross Site Scripting is not just <script>alert('y0u ar3 0wn3d!');</script>. Because of JavaScript...

XPATH Injection Description Similar to SQL Injection, XPath Injection attacks occur when a web site uses user-supplied information to construct...

Web Parameter Tampering Description The Web Parameter Tampering attack is based on manipulation of parameters exchanged between client and server...

Special Element Injection Description Special Element Injection is a type of injection attack that exploits weakness related to reserved words and...

Server-Side Includes (SSI) Injection Description SSIs are directives present on Web applications used to feed a HTML page with dynamic...

Parameter Delimiter Description This attack is based on manipulation of parameters delimiter used by web application input vectors, in order to...

LDAP injection Description LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input....

Full Path Disclosure Overview Full Path Disclosure (AKA, FPD) vulnerabilities enable the attacker to see the path to the webroot/file. Eg:...

Format string attack Description The Format String exploit occurs when the submitted data of an input string is evaluated as a command by the...

Direct Static Code Injection Description Direct Static Code Injection attack consists on injecting code directly onto the resource used by...