Top 10 Vulnerabilities in Bug Bounty







The following are the 10 vulnerabilities found in common websites.
Read on to improve your knowledge of ethical hacking.



1. XSS (Cross-Site Scripting)

It is one of the most popular vulnerabilities and is found on every website; even Google and Facebook are affected by it. With this vulnerability an attacker can redirect you to a malicious website and can also steal your credentials and session ID, which is why it is ranked no. 1 in OWASP. The attacker executes JavaScript code through parameters in the URL or through search bars. Every site is affected by this type of vulnerability.

2. File Inclusion

It is also one of the most dangerous vulnerabilities found in websites. An attacker can get full access to the server by stealing the admin username and password. On Linux or Windows, admin credentials are stored in a separate folder; an attacker can change the file path to point to the password directory and steal the username and password.

3. URL Redirection

This vulnerability has been found even in Facebook and Google subdomains. It is a most dangerous vulnerability: an attacker can redirect the user to any malicious page or perform phishing attacks through that website. The vulnerability is present in DVWA and the OWASP web application, where you can practice.


4. SQL Injection

With this attack, all server data will be leaked, and an attacker can modify data in the database. It is a very dangerous vulnerability, but it is rarely found in secure websites like Google, Twitter, etc. In this attack the attacker executes SQL commands through a parameter such as "id=", which can give the attacker full access to the database.


5. Parameter Tampering

It is also a dangerous attack: if the website is affected by this vulnerability, the attacker can buy any product without paying, and the website will suffer a great loss. Generally this vulnerability is found in low-security websites. All of this can be achieved with the help of Burp Suite: traffic is intercepted in this tool so that the attacker can modify the parameter values.



6. HTML Injection

It is also a most dangerous vulnerability. The attacker can change a normal website into a malicious one, or insert a form into the website and send the link to a victim. When the victim opens the link and fills in credentials, all the data is sent to the attacker. In this way the attacker can cheat users of the website. Generally the attacker executes HTML code in search bars or URLs containing parameters.


7. Command Injection

If a website is vulnerable to command injection, the attacker can directly execute commands on Windows or Linux servers. With these attacks he can get full control of the server by stealing the file containing the admin username and password, the same as in a file inclusion attack. This vulnerability is very rarely found on any website.

8. File Upload

This is the most dangerous attack if the website is vulnerable to it. An attacker can upload a PHP shell to the server and in this way gain control of the server. The website must offer a file or image upload option. If the website does not sanitize uploads on the server side, this can lead to a file upload vulnerability. Many websites are affected by these vulnerabilities. Some websites sanitize only on the client side, so an attacker who intercepts the traffic in Burp Suite can modify the file name. Sanitization should therefore be done on the server side.
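
A server-side upload check of the kind the File Upload section calls for, as an added example that is not from the original article. The allowlist, the size limit and the names `validate_upload` and `UploadRejected` are assumptions chosen for illustration.

```python
import os
import secrets

# Allowlist (chosen for this example): extension -> required leading magic bytes.
ALLOWED_TYPES = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
}
MAX_BYTES = 2 * 1024 * 1024  # assumed size limit


class UploadRejected(ValueError):
    """Raised when an upload fails a server-side check."""


def validate_upload(client_filename: str, content: bytes) -> str:
    """Return a server-generated storage name, or raise UploadRejected."""
    if not content or len(content) > MAX_BYTES:
        raise UploadRejected("empty or oversized file")
    # Keep only the last path component; the client name is never used on disk.
    base = client_filename.replace("\\", "/").split("/")[-1].replace("\x00", "")
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension {ext!r} is not allowed")
    # The bytes must match the claimed type; a renamed script fails here.
    if not content.startswith(ALLOWED_TYPES[ext]):
        raise UploadRejected("content does not match extension")
    # Random name: the uploader controls neither the path nor the file name.
    return secrets.token_hex(16) + ext


if __name__ == "__main__":
    # Constructed sample uploads (name as sent by the client, body bytes).
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    samples = [
        ("avatar.PNG", png),
        ("report.php", b"<?php /* constructed */ ?>"),
        ("photo.php.png", b"<?php /* constructed */ ?>"),
        ("../../static/logo.png", png),
    ]
    for name, body in samples:
        try:
            print(f"{name!r}: stored as {validate_upload(name, body)}")
        except UploadRejected as err:
            print(f"{name!r}: rejected ({err})")
```

A magic-byte check does not stop a valid image that has code appended after its header, so uploads should also be stored in a directory the web server never executes files from.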


9. Host Header Injection

With this vulnerability, the attacker can redirect the webpage to another malicious website by intercepting the data in packet headers using Burp Suite. It is also a critical vulnerability found in common websites. If you are good at ethical hacking, you can join HackerOne or Bugcrowd and find bugs for them; in return you get rewards from the company.


