Using Default Credentials
Misconfigured DNS
OAuth Misconfiguration
Mail Server Misconfiguration
Web Application Firewall (WAF) Bypass
No Rate Limiting on Form
Misconfiguration Missing Secure or HTTPOnly Cookie Flag
Lack of Security Headers
Lack of Password Confirmation
Database Management System (DBMS) Misconfiguration
Clickjacking
CAPTCHA
Username/Email Enumeration
Unsafe File Upload
Same-Site Scripting
Reflected File Download (RFD)
Potentially Unsafe HTTP Method Enabled
Missing DNSSEC
Insecure SSL
Fingerprinting/Banner Disclosure
Exposed Admin Portal
Directory Listing Enabled
Cookie Scoped to Parent Domain
Bitsquatting
Unsafe Cross-Origin Resource Sharing
SSL Attack
Path Traversal
Cache Poisoning
XML External Entity Injection (XXE)
SQL Injection
Local File Inclusion
HTTP Response Manipulation
Content Spoofing
Server-Side Template Injection (SSTI)
Parameter Pollution
我要先幫自己灑花 ✧*。 ٩(ˊᗜˋ*)و✧*。