Hackitca Attack Index
🟧 1. Web Exploits (Request-Based Attacks)
- SQL Injection
- OS Command Injection
- Remote/Local File Inclusion (RFI/LFI)
- Directory Traversal / Path Traversal
- HTTP Smuggling
- HTTP Request Splitting
- Buffer Overflow
- Server Misconfiguration
- Improper Input Handling
- Web Defacement
🟨 2. Client-Side Attacks
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Clickjacking
- Autocomplete Attribute Abuse
- Weak Password Recovery Validation
🟩 3. Server-Side Attacks (Session & State Manipulation)
- Session Fixation
- Session Prediction
- Persistent Session Cookies
- Insufficient Session Expiration
- Non-HttpOnly Cookies
- Unsecured Cookies
- Credential Leakage via Session
- HTTP Response Splitting
🟦 4. Protocol & Structure Exploits
- Invalid HTTP Method Usage
- Null Byte Injection
- Format String Attacks
- Malformed HTTP Requests
- JSON/XML Structure Misuse
🟪 5. Information Disclosure
- Error Message Display
- Server/Application Fingerprinting
- Directory Guessing
- Predictable Resource Location
🟥 6. Flooding & Slow Attacks
- Slowloris
- Slow Read
- Slow POST
⬛ 7. Business Logic & Abuse Attacks
- Brute Force Login
- Credential Stuffing
- Denial of Service (DoS)
- Web Scraping
- Automated Bots