hacktricks/pentesting-web/web-vulnerabilities-methodology.md

# Web Vulnerabilities Methodology

{% hint style="success" %}
Jifunze na fanya mazoezi ya AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Jifunze na fanya mazoezi ya GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Support HackTricks</summary>

* Angalia [**mpango wa usajili**](https://github.com/sponsors/carlospolop)!
* **Jiunge na** 💬 [**kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuatilie** kwenye **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu za hacking kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.

</details>
{% endhint %}

Katika kila Web Pentest, kuna **sehemu nyingi zilizofichwa na wazi ambazo zinaweza kuwa na udhaifu**. Chapisho hili linakusudia kuwa orodha ya kuangalia ili kuthibitisha kwamba umepitia udhaifu katika maeneo yote yanayowezekana.

## Proxies

{% hint style="info" %}
Siku hizi **maombi ya** **mtandao** kawaida **yanatumia** aina fulani ya **proxies** **za kati**, ambazo zinaweza (kutumika vibaya) kutekeleza udhaifu. Udhaifu huu unahitaji proxy yenye udhaifu kuwepo, lakini kawaida pia unahitaji udhaifu wa ziada kwenye backend.
{% endhint %}

* [ ] [**Kutatiza vichwa vya hop-by-hop**](abusing-hop-by-hop-headers.md)
* [ ] [**Uchafuzi wa Cache/Upotoshaji wa Cache**](cache-deception/)
* [ ] [**HTTP Request Smuggling**](http-request-smuggling/)
* [ ] [**H2C Smuggling**](h2c-smuggling.md)
* [ ] [**Server Side Inclusion/Edge Side Inclusion**](server-side-inclusion-edge-side-inclusion-injection.md)
* [ ] [**Kufichua Cloudflare**](../network-services-pentesting/pentesting-web/uncovering-cloudflare.md)
* [ ] [**XSLT Server Side Injection**](xslt-server-side-injection-extensible-stylesheet-language-transformations.md)
* [ ] [**Proxy / WAF Protections Bypass**](proxy-waf-protections-bypass.md)

## **Kuingiza kwa mtumiaji**

{% hint style="info" %}
Maombi mengi ya mtandao yatakubali **watumiaji kuingiza data ambayo itashughulikiwa baadaye.**\
Kulingana na muundo wa data ambayo server inatarajia, udhaifu fulani unaweza kutumika au kutoweza kutumika.
{% endhint %}

### **Thamani zilizorejelewa**

Ikiwa data iliyowekwa inaweza kwa namna fulani kurejelewa katika jibu, ukurasa unaweza kuwa na udhaifu wa masuala kadhaa.

* [ ] [**Client Side Template Injection**](client-side-template-injection-csti.md)
* [ ] [**Command Injection**](command-injection.md)
* [ ] [**CRLF**](crlf-0d-0a.md)
* [ ] [**Dangling Markup**](dangling-markup-html-scriptless-injection/)
* [ ] [**File Inclusion/Path Traversal**](file-inclusion/)
* [ ] [**Open Redirect**](open-redirect.md)
* [ ] [**Prototype Pollution to XSS**](deserialization/nodejs-proto-prototype-pollution/#client-side-prototype-pollution-to-xss)
* [ ] [**Server Side Inclusion/Edge Side Inclusion**](server-side-inclusion-edge-side-inclusion-injection.md)
* [ ] [**Server Side Request Forgery**](ssrf-server-side-request-forgery/)
* [ ] [**Server Side Template Injection**](ssti-server-side-template-injection/)
* [ ] [**Reverse Tab Nabbing**](reverse-tab-nabbing.md)
* [ ] [**XSLT Server Side Injection**](xslt-server-side-injection-extensible-stylesheet-language-transformations.md)
* [ ] [**XSS**](xss-cross-site-scripting/)
* [ ] [**XSSI**](xssi-cross-site-script-inclusion.md)
* [ ] [**XS-Search**](xs-search/)

Baadhi ya udhaifu uliotajwa unahitaji hali maalum, wengine wanahitaji tu yaliyomo kuonyeshwa. Unaweza kupata polygloths za kuvutia za kujaribu haraka udhaifu katika:

{% content-ref url="pocs-and-polygloths-cheatsheet/" %}
[pocs-and-polygloths-cheatsheet](pocs-and-polygloths-cheatsheet/)
{% endcontent-ref %}

### **Kazi za kutafuta**

Ikiwa kazi inaweza kutumika kutafuta aina fulani ya data ndani ya backend, labda unaweza (kutumika vibaya) kutafuta data isiyo ya kawaida.

* [ ] [**File Inclusion/Path Traversal**](file-inclusion/)
* [ ] [**NoSQL Injection**](nosql-injection.md)
* [ ] [**LDAP Injection**](ldap-injection.md)
* [ ] [**ReDoS**](regular-expression-denial-of-service-redos.md)
* [ ] [**SQL Injection**](sql-injection/)
* [ ] [**XPATH Injection**](xpath-injection.md)

### **Fomu, WebSockets na PostMsgs**

Wakati websocket inachapisha ujumbe au fomu inayowaruhusu watumiaji kufanya vitendo, udhaifu unaweza kutokea.

* [ ] [**Cross Site Request Forgery**](csrf-cross-site-request-forgery.md)
* [ ] [**Kuhijack WebSocket za Tovuti (CSWSH)**](websocket-attacks.md)
* [ ] [**Udhaifu wa PostMessage**](postmessage-vulnerabilities/)

### **HTTP Headers**

Kulingana na vichwa vya HTTP vilivyotolewa na server ya mtandao, udhaifu fulani unaweza kuwepo.

* [ ] [**Clickjacking**](clickjacking.md)
* [ ] [**Kupita Sera ya Usalama wa Maudhui**](content-security-policy-csp-bypass/)
* [ ] [**Cookies Hacking**](hacking-with-cookies/)
* [ ] [**CORS - Makosa ya Usanidi & Kupita**](cors-bypass.md)

### **Kupita**

Kuna kazi kadhaa maalum ambapo njia mbadala zinaweza kuwa na manufaa kupita.

* [ ] [**2FA/OTP Bypass**](2fa-bypass.md)
* [ ] [**Kupita Mchakato wa Malipo**](bypass-payment-process.md)
* [ ] [**Kupita Captcha**](captcha-bypass.md)
* [ ] [**Kupita Kuingia**](login-bypass/)
* [ ] [**Race Condition**](race-condition.md)
* [ ] [**Kupita Kiwango cha Kiwango**](rate-limit-bypass.md)
* [ ] [**Kupita Kurekebisha Nenosiri Lililosahaulika**](reset-password.md)
* [ ] [**Udhaifu wa Usajili**](registration-vulnerabilities.md)

### **Vitu vilivyo na muundo / Kazi maalum**

Baadhi ya kazi zitahitaji **data kuwa na muundo maalum sana** (kama vile kitu kilichosawazishwa au XML). Hivyo, ni rahisi kubaini ikiwa programu inaweza kuwa na udhaifu kwani inahitaji kushughulikia aina hiyo ya data.\
Baadhi ya **kazi maalum** pia zinaweza kuwa na udhaifu ikiwa **muundo maalum wa kuingiza unatumika** (kama vile Kuingiza Vichwa vya Barua pepe).

* [ ] [**Deserialization**](deserialization/)
* [ ] [**Kuingiza Vichwa vya Barua pepe**](email-injections.md)
* [ ] [**Udhaifu wa JWT**](hacking-jwt-json-web-tokens.md)
* [ ] [**XML External Entity**](xxe-xee-xml-external-entity.md)

### Faili

Kazi zinazoruhusu kupakia faili zinaweza kuwa na udhaifu wa masuala kadhaa.\
Kazi zinazozalisha faili ikiwa ni pamoja na kuingiza mtumiaji zinaweza kutekeleza msimbo usiotarajiwa.\
Watumiaji wanaofungua faili zilizopakiwa na watumiaji au zilizozalishwa kiotomatiki ikiwa ni pamoja na kuingiza mtumiaji wanaweza kuathirika.

* [ ] [**File Upload**](file-upload/)
* [ ] [**Kuingiza Formula**](formula-csv-doc-latex-ghostscript-injection.md)
* [ ] [**Kuingiza PDF**](xss-cross-site-scripting/pdf-injection.md)
* [ ] [**Server Side XSS**](xss-cross-site-scripting/server-side-xss-dynamic-pdf.md)

### **Usimamizi wa Utambulisho wa Nje**

* [ ] [**OAUTH kwa Kuchukua Akaunti**](oauth-to-account-takeover.md)
* [ ] [**Mashambulizi ya SAML**](saml-attacks/)

### **Udhaifu Mwingine wa Msaada**

Udhaifu huu unaweza kusaidia kutekeleza udhaifu mwingine.

* [ ] [**Kuchukua Domain/Subdomain**](domain-subdomain-takeover.md)
* [ ] [**IDOR**](idor.md)
* [ ] [**Parameter Pollution**](parameter-pollution.md)
* [ ] [**Udhaifu wa Unicode Normalization**](unicode-injection/)

{% hint style="success" %}
Jifunze na fanya mazoezi ya AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Jifunze na fanya mazoezi ya GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Support HackTricks</summary>

* Angalia [**mpango wa usajili**](https://github.com/sponsors/carlospolop)!
* **Jiunge na** 💬 [**kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuatilie** kwenye **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu za hacking kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.

</details>
{% endhint %}
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`# Web Vulnerabilities Methodology`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`{% hint style="success" %}`
			`Jifunze na fanya mazoezi ya AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Jifunze na fanya mazoezi ya GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`<details>`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`<summary>Support HackTricks</summary>`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`* Angalia [mpango wa usajili](https://github.com/sponsors/carlospolop)!`
			`* Jiunge na 💬 [kikundi cha Discord](https://discord.gg/hRep4RUj7f) au [kikundi cha telegram](https://t.me/peass) au tufuatilie kwenye Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Shiriki mbinu za hacking kwa kuwasilisha PRs kwa [HackTricks](https://github.com/carlospolop/hacktricks) na [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) repos za github.`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
			`</details>`
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`{% endhint %}`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`Katika kila Web Pentest, kuna sehemu nyingi zilizofichwa na wazi ambazo zinaweza kuwa na udhaifu. Chapisho hili linakusudia kuwa orodha ya kuangalia ili kuthibitisha kwamba umepitia udhaifu katika maeneo yote yanayowezekana.`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
			`## Proxies`

			`{% hint style="info" %}`
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`Siku hizi maombi ya mtandao kawaida yanatumia aina fulani ya proxies za kati, ambazo zinaweza (kutumika vibaya) kutekeleza udhaifu. Udhaifu huu unahitaji proxy yenye udhaifu kuwepo, lakini kawaida pia unahitaji udhaifu wa ziada kwenye backend.`
GitBook: No commit message 2024-04-06 19:39:38 +00:00			`{% endhint %}`

Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`* [ ] [Kutatiza vichwa vya hop-by-hop](abusing-hop-by-hop-headers.md)`
			`* [ ] [Uchafuzi wa Cache/Upotoshaji wa Cache](cache-deception/)`
			`* [ ] [HTTP Request Smuggling](http-request-smuggling/)`
GitBook: No commit message 2024-04-06 19:39:38 +00:00			`* [ ] [H2C Smuggling](h2c-smuggling.md)`
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`* [ ] [Server Side Inclusion/Edge Side Inclusion](server-side-inclusion-edge-side-inclusion-injection.md)`
			`* [ ] [Kufichua Cloudflare](../network-services-pentesting/pentesting-web/uncovering-cloudflare.md)`
			`* [ ] [XSLT Server Side Injection](xslt-server-side-injection-extensible-stylesheet-language-transformations.md)`
			`* [ ] [Proxy / WAF Protections Bypass](proxy-waf-protections-bypass.md)`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`## Kuingiza kwa mtumiaji`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
			`{% hint style="info" %}`
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`Maombi mengi ya mtandao yatakubali watumiaji kuingiza data ambayo itashughulikiwa baadaye.\`
			`Kulingana na muundo wa data ambayo server inatarajia, udhaifu fulani unaweza kutumika au kutoweza kutumika.`
GitBook: No commit message 2024-04-06 19:39:38 +00:00			`{% endhint %}`

Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`### Thamani zilizorejelewa`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`Ikiwa data iliyowekwa inaweza kwa namna fulani kurejelewa katika jibu, ukurasa unaweza kuwa na udhaifu wa masuala kadhaa.`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`* [ ] [Client Side Template Injection](client-side-template-injection-csti.md)`
			`* [ ] [Command Injection](command-injection.md)`
GitBook: No commit message 2024-04-06 19:39:38 +00:00			`* [ ] [CRLF](crlf-0d-0a.md)`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00			`* [ ] [Dangling Markup](dangling-markup-html-scriptless-injection/)`
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`* [ ] [File Inclusion/Path Traversal](file-inclusion/)`
			`* [ ] [Open Redirect](open-redirect.md)`
			`* [ ] [Prototype Pollution to XSS](deserialization/nodejs-proto-prototype-pollution/#client-side-prototype-pollution-to-xss)`
			`* [ ] [Server Side Inclusion/Edge Side Inclusion](server-side-inclusion-edge-side-inclusion-injection.md)`
			`* [ ] [Server Side Request Forgery](ssrf-server-side-request-forgery/)`
			`* [ ] [Server Side Template Injection](ssti-server-side-template-injection/)`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00			`* [ ] [Reverse Tab Nabbing](reverse-tab-nabbing.md)`
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`* [ ] [XSLT Server Side Injection](xslt-server-side-injection-extensible-stylesheet-language-transformations.md)`
GitBook: No commit message 2024-04-06 19:39:38 +00:00			`* [ ] [XSS](xss-cross-site-scripting/)`
			`* [ ] [XSSI](xssi-cross-site-script-inclusion.md)`
			`* [ ] [XS-Search](xs-search/)`

Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`Baadhi ya udhaifu uliotajwa unahitaji hali maalum, wengine wanahitaji tu yaliyomo kuonyeshwa. Unaweza kupata polygloths za kuvutia za kujaribu haraka udhaifu katika:`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
			`{% content-ref url="pocs-and-polygloths-cheatsheet/" %}`
			`[pocs-and-polygloths-cheatsheet](pocs-and-polygloths-cheatsheet/)`
			`{% endcontent-ref %}`

Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`### Kazi za kutafuta`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`Ikiwa kazi inaweza kutumika kutafuta aina fulani ya data ndani ya backend, labda unaweza (kutumika vibaya) kutafuta data isiyo ya kawaida.`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`* [ ] [File Inclusion/Path Traversal](file-inclusion/)`
			`* [ ] [NoSQL Injection](nosql-injection.md)`
			`* [ ] [LDAP Injection](ldap-injection.md)`
GitBook: No commit message 2024-04-06 19:39:38 +00:00			`* [ ] [ReDoS](regular-expression-denial-of-service-redos.md)`
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`* [ ] [SQL Injection](sql-injection/)`
			`* [ ] [XPATH Injection](xpath-injection.md)`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
			`### Fomu, WebSockets na PostMsgs`

Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`Wakati websocket inachapisha ujumbe au fomu inayowaruhusu watumiaji kufanya vitendo, udhaifu unaweza kutokea.`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`* [ ] [Cross Site Request Forgery](csrf-cross-site-request-forgery.md)`
			`* [ ] [Kuhijack WebSocket za Tovuti (CSWSH)](websocket-attacks.md)`
			`* [ ] [Udhaifu wa PostMessage](postmessage-vulnerabilities/)`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`### HTTP Headers`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`Kulingana na vichwa vya HTTP vilivyotolewa na server ya mtandao, udhaifu fulani unaweza kuwepo.`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00			`* [ ] [Clickjacking](clickjacking.md)`
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`* [ ] [Kupita Sera ya Usalama wa Maudhui](content-security-policy-csp-bypass/)`
			`* [ ] [Cookies Hacking](hacking-with-cookies/)`
			`* [ ] [CORS - Makosa ya Usanidi & Kupita](cors-bypass.md)`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00
Translated ['generic-methodologies-and-resources/external-recon-methodol 2024-04-10 13:41:11 +00:00			`### Kupita`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`Kuna kazi kadhaa maalum ambapo njia mbadala zinaweza kuwa na manufaa kupita.`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`* [ ] [2FA/OTP Bypass](2fa-bypass.md)`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00			`* [ ] [Kupita Mchakato wa Malipo](bypass-payment-process.md)`
Translated ['generic-methodologies-and-resources/external-recon-methodol 2024-04-10 13:41:11 +00:00			`* [ ] [Kupita Captcha](captcha-bypass.md)`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00			`* [ ] [Kupita Kuingia](login-bypass/)`
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`* [ ] [Race Condition](race-condition.md)`
			`* [ ] [Kupita Kiwango cha Kiwango](rate-limit-bypass.md)`
			`* [ ] [Kupita Kurekebisha Nenosiri Lililosahaulika](reset-password.md)`
			`* [ ] [Udhaifu wa Usajili](registration-vulnerabilities.md)`

			`### Vitu vilivyo na muundo / Kazi maalum`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`Baadhi ya kazi zitahitaji data kuwa na muundo maalum sana (kama vile kitu kilichosawazishwa au XML). Hivyo, ni rahisi kubaini ikiwa programu inaweza kuwa na udhaifu kwani inahitaji kushughulikia aina hiyo ya data.\`
			`Baadhi ya kazi maalum pia zinaweza kuwa na udhaifu ikiwa muundo maalum wa kuingiza unatumika (kama vile Kuingiza Vichwa vya Barua pepe).`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`* [ ] [Deserialization](deserialization/)`
			`* [ ] [Kuingiza Vichwa vya Barua pepe](email-injections.md)`
			`* [ ] [Udhaifu wa JWT](hacking-jwt-json-web-tokens.md)`
			`* [ ] [XML External Entity](xxe-xee-xml-external-entity.md)`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00
GitBook: No commit message 2024-04-06 19:39:38 +00:00			`### Faili`

Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`Kazi zinazoruhusu kupakia faili zinaweza kuwa na udhaifu wa masuala kadhaa.\`
			`Kazi zinazozalisha faili ikiwa ni pamoja na kuingiza mtumiaji zinaweza kutekeleza msimbo usiotarajiwa.\`
			`Watumiaji wanaofungua faili zilizopakiwa na watumiaji au zilizozalishwa kiotomatiki ikiwa ni pamoja na kuingiza mtumiaji wanaweza kuathirika.`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`* [ ] [File Upload](file-upload/)`
			`* [ ] [Kuingiza Formula](formula-csv-doc-latex-ghostscript-injection.md)`
			`* [ ] [Kuingiza PDF](xss-cross-site-scripting/pdf-injection.md)`
			`* [ ] [Server Side XSS](xss-cross-site-scripting/server-side-xss-dynamic-pdf.md)`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`### Usimamizi wa Utambulisho wa Nje`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`* [ ] [OAUTH kwa Kuchukua Akaunti](oauth-to-account-takeover.md)`
GitBook: No commit message 2024-04-06 19:39:38 +00:00			`* [ ] [Mashambulizi ya SAML](saml-attacks/)`

Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`### Udhaifu Mwingine wa Msaada`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`Udhaifu huu unaweza kusaidia kutekeleza udhaifu mwingine.`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`* [ ] [Kuchukua Domain/Subdomain](domain-subdomain-takeover.md)`
GitBook: No commit message 2024-04-06 19:39:38 +00:00			`* [ ] [IDOR](idor.md)`
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`* [ ] [Parameter Pollution](parameter-pollution.md)`
			`* [ ] [Udhaifu wa Unicode Normalization](unicode-injection/)`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`{% hint style="success" %}`
			`Jifunze na fanya mazoezi ya AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Jifunze na fanya mazoezi ya GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`<details>`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`<summary>Support HackTricks</summary>`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`* Angalia [mpango wa usajili](https://github.com/sponsors/carlospolop)!`
			`* Jiunge na 💬 [kikundi cha Discord](https://discord.gg/hRep4RUj7f) au [kikundi cha telegram](https://t.me/peass) au tufuatilie kwenye Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Shiriki mbinu za hacking kwa kuwasilisha PRs kwa [HackTricks](https://github.com/carlospolop/hacktricks) na [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) repos za github.`
GitBook: No commit message 2024-04-06 19:39:38 +00:00
			`</details>`
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`{% endhint %}`