OWASP Top 5 Vulnerability Explanation with implementation | Learn Ethical Hacking | Learn Bug Bounty Hunting


DOS(Denial Of Service) Attack via Long Password: 

A denial-of-service (DoS) attack via a long password is a type of application-layer attack that exploits a vulnerability in a web application's password hashing algorithm. By sending a very long password to the application, the attacker can cause the server to consume excessive CPU and memory resources, leading to a denial of service for legitimate users.

  


Flow Diagram:



 

Attack implementation:











Video:








Cross-Site Script (XSS): 
 
Cross-site scripting (XSS) is a type of web security vulnerability that allows an attacker to inject malicious code into a web page viewed by another user. This code can then be executed by the victim's browser, allowing the attacker to steal sensitive information, such as cookies or session tokens, or to take control of the victim's browser.

There are three main types of XSS attacks:

1.  Reflected XSS: This type of attack occurs when the attacker injects malicious code into a web request, such as a form submission or a search query. The web application then returns the malicious code to the user in the response.

2.  Stored XSS: This type of attack occurs when the attacker injects malicious code into a web application's persistent data store, such as a database. The malicious code is then stored in the data store and is executed whenever the data is retrieved and displayed to a user.

3.  DOM-based XSS: This type of attack occurs when the attacker injects malicious code into a web page's Document Object Model (DOM). The malicious code is then executed by the victim's browser when the DOM is loaded.


Flow Diagram:
    
    


Attack Implementation:











Video:







Client-Side Validation:
    
A client-side validation bypass vulnerability is a type of vulnerability that allows an attacker to bypass the client-side validation checks on a web application. This can allow the attacker to submit malicious data to the web application.




Flow Diagram:







Attack Implementation:











Video:







Open Directory Vulnerability:

An open directory vulnerability is a type of web security vulnerability that occurs when a web server allows users to access files and directories that are not intended to be publicly accessible. This can allow attackers to view sensitive data, such as configuration files or source code, or even to upload malicious files to the server.



Flow Diagram:


                                              




Attack Implementation:

















Video:










Insecure Direct Object Reference:
   
Insecure Direct Object Reference (IDOR) is a type of access control vulnerability that occurs when an application allows users to directly access objects without properly checking their permissions. This can allow attackers to access sensitive data or perform unauthorized actions, even if they are not authenticated.    



Flow Diagram:











Attack Implementation:











Video:





Comments

Post a Comment

Popular posts from this blog

10 Common and known Vulnerabilities | Learn Ethical Hacking

Image
 1. Brute Force Attack : A brute-force attack is a cyberattack in which an attacker tries to guess a password or other secret code by trying many possible combinations. Brute-force attacks are a common type of cyberattack because they are relatively easy to carry out and can be effective against weak passwords. Flow Diagram: Attack Implementation: Video: 2. CSRF Vulnerability:  CSRF (Cross-Site Request Forgery) is a type of attack in which an attacker tricks a user's browser into performing an unwanted action on a web application. For example, an attacker could trick a user into transferring money from their bank account to the attacker's account. Flow Diagram: Attack Implementation: Video: 3. Clickjacking Vulnerability: Clickjacking is a type of attack in which an attacker tricks a user into clicking on a hidden link or button.  For example, an attacker could overlay a fake button on top of a legitimate button, so that when the user clicks on the fake button, they actual...
Read more