10 Common and known Vulnerabilities | Learn Ethical Hacking

1. Brute Force Attack:

A brute-force attack is a cyberattack in which an attacker tries to guess a password or other secret code by trying many possible combinations. Brute-force attacks are a common type of cyberattack because they are relatively easy to carry out and can be effective against weak passwords.


2. CSRF Vulnerability: 

CSRF (Cross-Site Request Forgery) is a type of attack in which an attacker tricks a user's browser into performing an unwanted action on a web application. For example, an attacker could trick a user into transferring money from their bank account to the attacker's account.

3. Clickjacking Vulnerability:


Clickjacking is a type of attack in which an attacker tricks a user into clicking on a hidden link or button. 

For example, an attacker could overlay a fake button on top of a legitimate button, so that when the user clicks on the fake button, they actually perform the action on the legitimate button.


4. Long Password DoS Attack:

A long password DoS attack is a type of attack in which an attacker sends a web application a very long password, which can cause the application to crash or become unresponsive.
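One server-side defence against the long password DoS described above, as an added example that is not code from the original post: cap the password size before it reaches the expensive hash, at both registration and login. The 128-byte cap, the PBKDF2 iteration count and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

MAX_PASSWORD_BYTES = 128       # assumed policy cap, enforced before any hashing
PBKDF2_ITERATIONS = 100_000    # assumed work factor for this example
_kdf_calls = 0                 # how many times the expensive KDF actually ran


class PasswordTooLong(ValueError):
    """Raised when a submitted password exceeds the server-side cap."""


def kdf_call_count() -> int:
    return _kdf_calls


def _derive(raw: bytes, salt: bytes) -> bytes:
    global _kdf_calls
    _kdf_calls += 1
    return hashlib.pbkdf2_hmac("sha256", raw, salt, PBKDF2_ITERATIONS)


def _checked_bytes(password: str) -> bytes:
    # Cheap character-count check first: UTF-8 never uses fewer bytes than
    # characters, so a huge input is rejected without even being encoded.
    if len(password) > MAX_PASSWORD_BYTES:
        raise PasswordTooLong("password exceeds server-side limit")
    raw = password.encode("utf-8")
    # Multi-byte characters can still push the encoded form over the cap.
    if len(raw) > MAX_PASSWORD_BYTES:
        raise PasswordTooLong("password exceeds server-side limit")
    return raw


def hash_password(password: str) -> tuple[bytes, bytes]:
    """Registration path: returns (salt, digest) or raises PasswordTooLong."""
    salt = os.urandom(16)
    return salt, _derive(_checked_bytes(password), salt)


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Login path: an oversized password fails without spending KDF time."""
    try:
        raw = _checked_bytes(password)
    except PasswordTooLong:
        return False
    return hmac.compare_digest(_derive(raw, salt), expected)
```

The same cap belongs on the request body size at the web server or framework layer, so an oversized submission is dropped before the application parses it.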



5. Client-Side Validation Bypass Vulnerability:

A client-side validation bypass vulnerability is a type of vulnerability that allows an attacker to bypass the client-side validation checks on a web application. This can allow the attacker to submit malicious data to the web application.


6. SQL Injection:

SQL injection is a type of attack in which an attacker injects malicious SQL code into a web application. This can allow the attacker to view or modify data in the web application's database.



7. Broken Authentication:

Broken authentication is a type of vulnerability that allows an attacker to gain unauthorized access to a web application. This can be due to a variety of factors, such as weak passwords, poor password management, or insecure authentication mechanisms.



8. Rate Limit Issues:

Rate limit issues occur when a web application is bombarded with too many requests at once. This can cause the application to crash or become unresponsive.



Examples of rate limit issues:

A user is unable to log into their account because they have exceeded the maximum number of login attempts in a given period of time.
A user is unable to send an email because they have exceeded the maximum number of emails that they can send in a given period of time.
A user is unable to upload a file to a server because they have exceeded the maximum file size that is allowed.
A website becomes unresponsive because it is being bombarded with too many requests at once.

9. Broken Access Control:

Broken access control is a type of vulnerability that allows an attacker to access data or resources that they should not have access to. This can be due to a variety of factors, such as insecure permissions settings or misconfigured access control lists.

