# Web Vulnerabilities Methodology
{% hint style="success" %}
Jifunze na fanya mazoezi ya AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\
Jifunze na fanya mazoezi ya GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
Support HackTricks
* Angalia [**mpango wa usajili**](https://github.com/sponsors/carlospolop)!
* **Jiunge na** 💬 [**kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuatilie** kwenye **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu za hacking kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
{% endhint %}
Katika kila Web Pentest, kuna **sehemu nyingi zilizofichwa na wazi ambazo zinaweza kuwa na udhaifu**. Chapisho hili linakusudia kuwa orodha ya kuangalia ili kuthibitisha kwamba umepitia udhaifu katika maeneo yote yanayowezekana.
## Proxies
{% hint style="info" %}
Siku hizi **maombi ya** **mtandao** kawaida **yanatumia** aina fulani ya **proxies** **za kati**, ambazo zinaweza kutumika (kuhujumu) ili kutumia udhaifu. Udhaifu huu unahitaji proxy yenye udhaifu kuwepo, lakini kawaida pia unahitaji udhaifu wa ziada katika backend.
{% endhint %}
* [ ] [**Kuhujumu vichwa vya hop-by-hop**](../abusing-hop-by-hop-headers.md)
* [ ] [**Uchafuzi wa Cache/Upotoshaji wa Cache**](../cache-deception.md)
* [ ] [**HTTP Request Smuggling**](../http-request-smuggling/)
* [ ] [**H2C Smuggling**](../h2c-smuggling.md)
* [ ] [**Server Side Inclusion/Edge Side Inclusion**](../server-side-inclusion-edge-side-inclusion-injection.md)
* [ ] [**Kufichua Cloudflare**](../../network-services-pentesting/pentesting-web/uncovering-cloudflare.md)
* [ ] [**XSLT Server Side Injection**](../xslt-server-side-injection-extensible-stylesheet-language-transformations.md)
* [ ] [**Proxy / WAF Protections Bypass**](../proxy-waf-protections-bypass.md)
## **User input**
{% hint style="info" %}
Maombi mengi ya mtandao yatakubali **watumiaji kuingiza data ambayo itashughulikiwa baadaye.**\
Kulingana na muundo wa data ambayo server inatarajia, udhaifu fulani unaweza kutumika au kutotumika.
{% endhint %}
### **Reflected Values**
Ikiwa data iliyowekwa inaweza kwa namna fulani kuakisiwa katika jibu, ukurasa unaweza kuwa na udhaifu wa masuala kadhaa.
* [ ] [**Client Side Template Injection**](../client-side-template-injection-csti.md)
* [ ] [**Command Injection**](../command-injection.md)
* [ ] [**CRLF**](../crlf-0d-0a.md)
* [ ] [**Dangling Markup**](../dangling-markup-html-scriptless-injection/)
* [ ] [**File Inclusion/Path Traversal**](../file-inclusion/)
* [ ] [**Open Redirect**](../open-redirect.md)
* [ ] [**Prototype Pollution to XSS**](../deserialization/nodejs-proto-prototype-pollution/#client-side-prototype-pollution-to-xss)
* [ ] [**Server Side Inclusion/Edge Side Inclusion**](../server-side-inclusion-edge-side-inclusion-injection.md)
* [ ] [**Server Side Request Forgery**](../ssrf-server-side-request-forgery/)
* [ ] [**Server Side Template Injection**](../ssti-server-side-template-injection/)
* [ ] [**Reverse Tab Nabbing**](../reverse-tab-nabbing.md)
* [ ] [**XSLT Server Side Injection**](../xslt-server-side-injection-extensible-stylesheet-language-transformations.md)
* [ ] [**XSS**](../xss-cross-site-scripting/)
* [ ] [**XSSI**](../xssi-cross-site-script-inclusion.md)
* [ ] [**XS-Search**](../xs-search.md)
Baadhi ya udhaifu uliotajwa unahitaji hali maalum, wengine wanahitaji tu maudhui kuakisiwa. Unaweza kupata polygloths kadhaa za kuvutia ili kujaribu haraka udhaifu katika:
{% content-ref url="../pocs-and-polygloths-cheatsheet/" %}
[pocs-and-polygloths-cheatsheet](../pocs-and-polygloths-cheatsheet/)
{% endcontent-ref %}
### **Search functionalities**
Ikiwa kazi hiyo inaweza kutumika kutafuta aina fulani ya data ndani ya backend, huenda unaweza (kuhujumu) kuitumia kutafuta data isiyo na mpangilio.
* [ ] [**File Inclusion/Path Traversal**](../file-inclusion/)
* [ ] [**NoSQL Injection**](../nosql-injection.md)
* [ ] [**LDAP Injection**](../ldap-injection.md)
* [ ] [**ReDoS**](../regular-expression-denial-of-service-redos.md)
* [ ] [**SQL Injection**](../sql-injection/)
* [ ] [**XPATH Injection**](../xpath-injection.md)
### **Forms, WebSockets and PostMsgs**
Wakati websocket inachapisha ujumbe au fomu inayowaruhusu watumiaji kufanya vitendo, udhaifu unaweza kutokea.
* [ ] [**Cross Site Request Forgery**](../csrf-cross-site-request-forgery.md)
* [ ] [**Kuhujumu WebSocket za Tovuti Mbalimbali (CSWSH)**](../websocket-attacks.md)
* [ ] [**Udhaifu wa PostMessage**](../postmessage-vulnerabilities/)
### **HTTP Headers**
Kulingana na vichwa vya HTTP vilivyotolewa na server ya mtandao, udhaifu fulani unaweza kuwepo.
* [ ] [**Clickjacking**](../clickjacking.md)
* [ ] [**Kupita Sera ya Usalama wa Maudhui**](../content-security-policy-csp-bypass/)
* [ ] [**Kuhujumu Cookies**](../hacking-with-cookies/)
* [ ] [**CORS - Makosa ya Usanidi & Kupita**](../cors-bypass.md)
### **Bypasses**
Kuna kazi kadhaa maalum ambapo njia mbadala zinaweza kuwa na manufaa ili kuzipita
* [ ] [**2FA/OTP Bypass**](../2fa-bypass.md)
* [ ] [**Kupita Mchakato wa Malipo**](../bypass-payment-process.md)
* [ ] [**Kupita Captcha**](../captcha-bypass.md)
* [ ] [**Kupita Kuingia**](../login-bypass/)
* [ ] [**Race Condition**](../race-condition.md)
* [ ] [**Kupita Kiwango cha Kiwango**](../rate-limit-bypass.md)
* [ ] [**Kupita Kurejesha Nenosiri Lililosahaulika**](../reset-password.md)
* [ ] [**Udhaifu wa Usajili**](../registration-vulnerabilities.md)
### **Structured objects / Specific functionalities**
Baadhi ya kazi zitahitaji **data kuwa na muundo maalum sana** (kama vile kitu kilichosawazishwa kwa lugha au XML). Kwa hivyo, ni rahisi kubaini ikiwa programu inaweza kuwa na udhaifu kwani inahitaji kushughulikia aina hiyo ya data.\
Baadhi ya **kazi maalum** pia zinaweza kuwa na udhaifu ikiwa **muundo maalum wa ingizo unatumika** (kama vile Uingizaji wa Vichwa vya Barua pepe).
* [ ] [**Deserialization**](../deserialization/)
* [ ] [**Email Header Injection**](../email-injections.md)
* [ ] [**Udhaifu wa JWT**](../hacking-jwt-json-web-tokens.md)
* [ ] [**XML External Entity**](../xxe-xee-xml-external-entity.md)
### Files
Kazi zinazoruhusu kupakia faili zinaweza kuwa na udhaifu wa masuala kadhaa.\
Kazi zinazozalisha faili ikiwa ni pamoja na ingizo la mtumiaji zinaweza kutekeleza msimbo usiotarajiwa.\
Watumiaji wanaofungua faili zilizopakiwa na watumiaji au zilizozalishwa kiotomatiki ikiwa ni pamoja na ingizo la mtumiaji wanaweza kuathirika.
* [ ] [**File Upload**](../file-upload/)
* [ ] [**Formula Injection**](../formula-csv-doc-latex-ghostscript-injection.md)
* [ ] [**PDF Injection**](../xss-cross-site-scripting/pdf-injection.md)
* [ ] [**Server Side XSS**](../xss-cross-site-scripting/server-side-xss-dynamic-pdf.md)
### **External Identity Management**
* [ ] [**OAUTH kwa Kuchukua Akaunti**](../oauth-to-account-takeover.md)
* [ ] [**Mashambulizi ya SAML**](../saml-attacks/)
### **Other Helpful Vulnerabilities**
Udhaifu huu unaweza kusaidia kutumia udhaifu mwingine.
* [ ] [**Kuchukua Domain/Subdomain**](../domain-subdomain-takeover.md)
* [ ] [**IDOR**](../idor.md)
* [ ] [**Parameter Pollution**](../parameter-pollution.md)
* [ ] [**Udhaifu wa Unicode Normalization**](../unicode-injection/)
{% hint style="success" %}
Jifunze na fanya mazoezi ya AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\
Jifunze na fanya mazoezi ya GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
Support HackTricks
* Angalia [**mpango wa usajili**](https://github.com/sponsors/carlospolop)!
* **Jiunge na** 💬 [**kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuatilie** kwenye **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu za hacking kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
{% endhint %}