Mars's 5εcur1ty Notes

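This technical blog, focused on information security, is updated irregularly with posts on CTFs, vulnerability verification, bug bounty report analysis, and similar topics.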

List of Important CWE Vulnerabilities: Tainted Input

CRLF Injection (CWE-93)
Code Injection (CWE-94)
Command Injection - Generic (CWE-77)
Cross-site Scripting (XSS) - DOM (CWE-79)
Cross-site Scripting (XSS) - Generic (CWE-79)
Cross-site Scripting (XSS) - Reflected (CWE-79)
Cross-site Scripting (XSS) - Stored (CWE-79)
Deserialization of Untrusted Data (CWE-502)
HTTP Request Smuggling (CWE-444)
HTTP Response Splitting (CWE-113)
Improper Neutralization of HTTP Headers for Scripting Syntax (CWE-644)
Insecure Direct Object Reference (IDOR) (CWE-639)
LDAP Injection (CWE-90)
OS Command Injection (CWE-78)
Path Traversal (CWE-22)
Remote File Inclusion (CWE-98)
Resource Injection (CWE-99)
SQL Injection (CWE-89)
Server-Side Request Forgery (SSRF) (CWE-918)
XML Entity Expansion (CWE-776)
XML External Entities (XXE) (CWE-611)
XML Injection (CWE-91)

Copyright Mars 2019