Absolute Path Traversal Description If a product expects a
filename as input it is possible that it can construct an
absolute path such as...
Spyware Description Spyware is a program that captures statistical information from the user's computer and sends it over the internet without...
Setting Manipulation Description This attack aims to modify application settings in order to cause misleading data or advantages on the user's behalf....
Repudiation Attack Description Repudiation is the act of
refusing authorship of something that happened. A repudiation
attack happens when an...
Relative Path Traversal This attack is a variant of Path
Traversal and can be exploited when the application accepts
the use of relative traversal...
Forced browsing Description Forced browsing is an attack
that aims to enumerate and access resources that are not
referenced by the...
Double Encoding Description This attack technique consists
of encoding user request parameters twice in hexadecimal
format in order to bypass...
Direct Dynamic Code Evaluation ('Eval Injection')
Description This attack consists of a script that does not
properly validate user inputs in the page...
Custom Special Character Injection Description The software
does not properly filter or quote special characters or
reserved words that are used...
Comment Element Description Comments injected into an
application through input can be used to compromise a
system. As data is parsed, an...
Description This category of attacks exploits various path
vulnerabilities to access files or directories that are not
intended to be accessed....
Unicode Encoding Description The attack aims to exploit
flaws in the decoding mechanism implemented in applications
when decoding Unicode data...

