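This repository is a web and API vulnerability checklist. It contains a large number of vulnerability ideas along with tips from Twitter, and currently covers 27 vulnerability types: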
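- AEM misconfiguration (Adobe Experience Manager misconfiguration)
- Authentication
- IDOR (unauthorized access)
- Business Logic
- jire vulnerability (JIRE vulnerabilities)
- register vulnerability (registration vulnerabilities)
- 2FA bypassing (two-step authentication bypass)
- admin panal.md (admin panel vulnerabilities)
- exif vulnerability (image EXIF vulnerabilities)
- cookie attack (cookie checks)
- reset password attack (password reset attacks)
- Acount takeover checklist (account takeover)
- 403 bypass checklist (403 bypass)
- tips from twitter (Twitter tips)
- tips from twitter p 2 (Twitter tips, part 2)
- Sql injection (SQL injection vulnerabilities)
- xss (cross-site attacks)
- File Upload (file upload vulnerabilities)
- rate limit (rate limiting vulnerabilities)
- json attack (JSON attacks)
- Csrf (cross-site request forgery vulnerabilities)
- RCE (remote code execution vulnerabilities)
- API AUTHORIZATION (API authorization vulnerabilities)
- API Authentication (API authentication vulnerabilities)
- MASS ASSIGNMENT (mass assignment vulnerabilities)
- Django checklist (Django vulnerabilities)
- Hacking Symfony (Symfony attacks)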