
Core web vulnerabilities

Once you've mapped your target's attack surface, it's time to hunt for the vulnerabilities that matter most! These core web vulnerability classes continue to plague web applications year after year. Mastering them will help you find high-impact bugs on virtually any target.

BAC

Broken Access Control

When applications fail to properly enforce restrictions on what authenticated users are allowed to access or do, broken access control (BAC) vulnerabilities may arise. In practice, this means a malicious user can bypass authorization checks and access resources, functions, or data they shouldn't have permission to view or modify.

XSS

Cross-Site Scripting

Cross-site scripting (XSS) vulnerabilities allow attackers to inject malicious scripts into web applications, which then execute in victims' browsers when they access the compromised content.

Reflected XSS occurs when malicious input is immediately returned in the HTTP response without proper sanitization, typically through URL parameters or form submissions that require victims to click specially crafted links.

SQLi

SQL Injection

SQL injection (or SQLi) is a vulnerability that occurs when applications improperly handle user input within database queries, allowing attackers to manipulate SQL commands and potentially access, modify, or delete unauthorized data.

This happens when user-controllable data is directly concatenated into SQL statements without proper sanitization or parameterized queries, enabling attackers to inject malicious SQL code that the database executes as legitimate commands.

SSRF

Server-Side Request Forgery

SSRF vulnerabilities arise when unsanitized user input is passed to a function or component that is responsible for crafting a request (an HTTP request, for example). This allows the user to request an external or internal resource on behalf of the server.

Depending on the context and vulnerable component, this can often lead to requesting an external or internal resource (such as an API endpoint), sending an email on behalf of the client email server (if SMTP is supported), or even reading internal system configuration files.

Information Disclosure

An information disclosure vulnerability originates when an application unintentionally exposes sensitive data to users who shouldn't have access to it. This data can either lead to a direct attack (e.g., disclosure of PII) or aid future attacks (e.g., hard-coded credentials). In both instances, this is due to poor security practices, misconfigurations, or inadequate access controls.
