ALL Websites Attacking Methods

Salam webiste hacking start karnay say phaly Hum Website Attacking Methods Ko Dakhain Gay Kitni kisam Kay Hotay Han Or
Ya full list nai hay, Agar ApKO Or Bhe Attacks
Atay Hain Jo mainy Chor daiya Han,
please comment below :) 

Is List Ko fits in category Parameter manipulation Kahtay Han

• Arbitary File Deletion
• Code Execution
• Cookie Manipulation ( meta http-equiv & crlf injection )
• CRLF Injection ( HTTP response splitting )
• Cross Frame Scripting ( XFS )
• Cross-Site Scripting ( XSS )
• Directory traversal
• Email Injection
• File inclusion
• Full path disclosure
• LDAP Injection
• PHP code injection
• PHP curl_exec() url is controlled by user
• PHP invalid data type error message
• PHP preg_replace used on user input
• PHP unserialize() used on user input
• Remote XSL inclusion
• Script source code disclosure
• Server-Side Includes (SSI) Injection
• SQL injection
• URL redirection
• XPath Injection vulnerability
• EXIF

 
Is List Ko fits in category MultiRequest parameter manipulation Khatay Han

• Blind SQL injection (timing)
• Blind SQL/XPath injection (many types)

Is List Ko fits in category File checks khatay Han

• 8.3 DOS filename source code disclosure
• Search for Backup files
• Cross Site Scripting in URI
• PHP super-globals-overwrite
• Script errors ( such as the Microsoft IIS Cookie Variable Information Disclosure )

Is List Ko fits in category Directory checks khatay Han

• Cross Site Scripting in path
• Cross Site Scripting in Referer
• Directory permissions ( mostly for IIS )
• HTTP Verb Tampering ( HTTP Verb POST & HTTP Verb WVS )
• Possible sensitive files
• Possible sensitive files
• ******* fixation ( j*******id & PHPSESSID ******* fixation )
• Vulnerabilities ( e.g. Apache Tomcat Directory Traversal, ASP.NET error message etc )
• WebDAV ( very vulnerable component of IIS servers )

Is List Ko fits in category Text Search Disclosure khatay Han

• Application error message
• Check for common files
• Directory Listing
• Email address found
• Local path disclosure
• Possible sensitive files
• Microsoft Office possible sensitive information
• Possible internal IP address disclosure
• Possible server path disclosure ( Unix and Windows )
• Possible username or password disclosure
• Sensitive data not encrypted
• Source code disclosure
• Trojan shell ( r57,c99,crystal shell etc )
• ( IF ANY )Wordpress database credentials disclosure

Is List Ko fits in category File Uploads khatay Han

• Unrestricted File Upload

Is List Ko fits in category Authentication Khatay Han

• Microsoft IIS WebDAV Authentication Bypass
• SQL injection in the authentication header
• Weak Password
• GHDB - Google hacking database ( using dorks to find what google crawlers have found like passwords etc )

Is List Ko fits in category Web Services - Parameter manipulation & with multirequest Khatay Han

• Application Error Message ( testing with empty, NULL, negative, big hex etc )
• Code Execution
• SQL Injection
• XPath Injection
• Blind SQL/XPath injection ( test for numeric,string,number inputs etc )
• Stored Cross-Site Scripting ( XSS )
• Cross-Site Request Forgery ( CSRF )