Summary IDN stands for Internationalized Domain Name which is a system that allows domain names to be written and displayed in different scripts and character sets. It enables the use of non-ASCII characters, such as letters with diacritical marks (é, á, č, ŭ, í, ó) in domain names. …

Summary An iFrame is a way to embed a webpage within another webpage. It’s like a small window that shows content from a different website. Open redirection vulnerability allows attackers to redirect users from a legitimate website to an attacker’s controlled website. Description We have found a very unique vulnerability…

Summary CRUD stands for Create, Read, Update, and Delete which are the four basic operations that are performed on data stored in a database. When building an API, these CRUD operations are often used for creating a basic interface for interacting with a database to perform these operations. These CRUD…

Summary SQL Wildcard DoS is about forcing the database to carry out CPU-intensive queries by using several wildcards. This vulnerability generally exists in search functionalities of web applications or in the functionalities where the data gets stored for e.g. searches, comments, image names, messages etc. …

Summary Local File Inclusion (LFI) is a type of web application vulnerability that allows an attacker to include and execute arbitrary files on the web server. An attacker can take advantage of this vulnerability by passing a malicious file path as a parameter, which could be a local file on…

Summary IDOR stands for Insecure Direct Object Reference which is a vulnerability that falls under the broken access control category. In brief, this vulnerability arises when an application uses user-supplied input to access an object directly. …

Summary API misconfiguration refers to the improper or insecure setup of an application programming interface (API). This can include issues such as weak authentication, lack of input validation, or improper access controls. API misconfigurations can provide an attacker with unauthorized access to sensitive data or the ability to perform actions…

Summary : Account Takeover (ATO) is an attack using which an attacker cat take ownership of another person’s account. There are multiple ways for an account takeover attack, namely brute forcing credentials, credentials stuffing, response manipulation, password reset poisoning, social engineering and phishing, 2FA bypass attacks etc. Description : I…

Summary : Shodan is a search engine for Internet-connected devices. It is different from search engines like Google and Bing because Google and Bing are great for finding websites but Shodan helps in finding different things like popular versions of Microsoft IIS, control servers for Malware, how many host are…