No Valid SPF Record:- There is an email spoofing vulnerability. Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used in phishing and spam campaigns because people are more likely to open an email when they think it
CSRF ( Cross-Site Request Forgery ):- Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. … If the victim is an administrative account, CSRF can compromise the entire web application. Introduction to CSRF ( Cross-Site Request Forgery ) CSRF ( Cross-Site
Open Redirect:- Open redirect is a type of web application security issue that allows attackers to use your business reputation to make phishing attacks more effective. Introduction to Open Redirect Vulnerability Open Redirect Common Parameter List:- Open Redirect Vulnerability | Part – 2 Open Redirect Vulnerability POC Open Redirect Vulnerability In nokia.com POC
Parameter tampering:- Parameter tampering is a simple attack targeting the application business logic. This attack takes advantage of the fact that many programmers rely on hidden or fixed fields (such as a hidden tag in a form or a parameter in a URL) as the only security measure for certain operations. Data tampering:- Data tampering is the act of
HTML Injection:- Hypertext Markup Language (HTML) injection is a technique used to take advantage of non-validated input to modify a web page presented by a web application to its users. … When applications fail to validate user data, an attacker can send HTML-formatted text to modify site content that gets presented to other users. HTML Injection Vulnerability | Part
Host Header Attack:- HTTP Host header attacks exploit vulnerable websites that handle the value of the Host header in an unsafe way. If the server implicitly trusts the Host header and fails to validate or escape it properly, an attacker may be able to use this input to inject harmful payloads that manipulate server-side behavior. Host Header Attack Vulnerability |