v3xx's collections
-
[ AppSec | Remote File Inclusion ]
By v3xx
Using remote file inclusion (RFI), an attacker can cause the web application to include a remote file. This is possible for web applications that dynamically include external files or scripts.
-
[ AppSec | Local File Inclusion ]
By v3xx
Local file inclusion (LFI) is the process of including files that are already present locally on the server by exploiting vulnerable inclusion procedures implemented in the application.
-
[ AppSec | SQL Injection ]
By v3xx
A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data, execute administr...
-
[ AppSec | Shortcode Injection ]
By v3xx
Content spoofing, also referred to as content injection, is an attack targeting a user made possible by an injection vulnerability in a web application. When an application doesn't properly handle user-supplied data, an attacker can supply content...
-
[ AppSec | File Upload ]
By v3xx
File upload vulnerabilities are when a web server allows users to upload files to its filesystem without sufficiently validating things like their name, type, contents, or size. Failing to properly enforce restrictions on these could mean that eve...
-
[ AppSec | Abuse of Functionality ]
By v3xx
Business logic vulnerabilities are flaws in the design and implementation of an application that allow an attacker to elicit unintended behavior. This potentially enables attackers to manipulate legitimate functionality to achieve a malicious goal.
-
[ AppSec | Privilege Escalation ]
By v3xx
Privilege escalation is a process through which an unauthorized user gains access to resources restricted to a specific group of people, such as data that is restricted to users with specific WordPress user roles.
-
[ AppSec | Info Exposure ]
By v3xx
Information disclosure, also known as information leakage or information exposure, is when a website unintentionally reveals sensitive information to its users.
-
[ AppSec | Broken Access Control ]
By v3xx
Access control is the application of constraints on who or what is authorized to perform actions or access resources. Broken access controls are common and often present a critical security vulnerability.
-
[ AppSec | CSRF ]
By v3xx
Cross-site request forgery (CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform.
-
[ AppSec | Spoofing ]
By v3xx
A spoofing attack is a situation in which a person or program successfully identifies as another by falsifying data, to gain an illegitimate advantage.
-
[ AppSec | IDOR ]
By v3xx
Insecure Direct Object References (IDOR) occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources in the system directly, fo...
-
[ AppSec | XSS ]
By v3xx
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form...