Vulnerability Guide

This section lists all vulnerabilities (issues) that can be detected by Nexploit and provides detailed information about each of them.

| Test name | Description | Detectable vulnerabilities |
| --- | --- | --- |
| Broken JWT Authentication | Tests for secure implementation of JSON Web Token (JWT) in the application | |
| Broken SAML Authentication | Tests for secure implementation of SAML authentication in the application | |
| Brute Force Login | Tests for availability of commonly used credentials | |
| Business Constraint Bypass | Tests if the limit on the number of items retrievable via an API call is configured properly | |
| Client-Side XSS (DOM Cross-Site Scripting) | Tests if various application DOM parameters are vulnerable to JavaScript injections | |
| Common Files Exposure | Tests if common files that should not be accessible are accessible | |
| Cookie Security Check | Tests if the application uses and implements cookies with secure attributes | |
| Cross-Site Request Forgery (CSRF) | Tests application forms for vulnerable cross-site filling and submitting | |
| Cross-Site Scripting (XSS) | Tests if various application parameters are vulnerable to JavaScript injections | |
| Default Login Location | Tests if the login form location in the target application is easy to guess and accessible | |
| Directory Listing | Tests if server-side directory listing is possible | |
| Email Header Injection | Tests if it is possible to send emails to other addresses through the target application mailing server, which can lead to spam and phishing | |
| Exposed AWS S3 Buckets Details (Open Buckets) | Tests if exposed AWS S3 links lead to anonymous read access to the bucket | |
| Exposed Database Details (Open Database) | Tests if exposed database connection strings are open to public connections | |
| Full Path Disclosure (FPD) | Tests if various application parameters are vulnerable to exposure of errors that include the full webroot path | |
| Headers Security Check | Tests for proper Security Headers configuration | |
| HTML Injection | Tests if various application parameters are vulnerable to HTML injection | |
| Improper Assets Management | Tests if older or development versions of API endpoints are exposed and can be used to get unauthorized access to data and privileges | |
| Insecure HTTP Method (HTTP Method Fuzzer) | Tests enumeration of possible HTTP methods for vulnerabilities | |
| Insecure TLS Configuration | Tests SSL/TLS ciphers and configurations for vulnerabilities | |
| Known JavaScript Vulnerabilities (JavaScript Vulnerabilities Scanning) | Tests for known JavaScript component vulnerabilities | |
| Known WordPress Vulnerabilities (WordPress Scan) | Tests for known WordPress vulnerabilities and tries to enumerate a list of users | |
| LDAP Injection | Tests if various application parameters are vulnerable to unauthorized LDAP access | |
| Local File Inclusion (LFI) | Tests if various application parameters are vulnerable to loading of unauthorized local system resources | |
| Mass Assignment | Tests if it is possible to create requests with additional parameters to gain privilege escalation | |
| OS Command Injection | Tests if various application parameters are vulnerable to Operating System (OS) command injection | |
| Prototype Pollution | Tests if it is possible to inject properties into existing JavaScript objects | |
| Remote File Inclusion (RFI) | Tests if various application parameters are vulnerable to loading of unauthorized remote system resources | |
| Secret Tokens Leak | Tests for exposure of secret API tokens or keys in the target application | |
| Server Side Template Injection (SSTI) | Tests if various application parameters are vulnerable to server-side code execution | |
| Server Side Request Forgery (SSRF) | Tests if various application parameters are vulnerable to internal resources access | |
| SQL Injection (SQLI) | SQL Injection tests vulnerable parameters for SQL database access | |
| Unrestricted File Upload | Tests if file upload mechanisms are validated properly and deny upload of malicious content | |
| Unsafe Date Range (Date Manipulation) | Tests if date ranges are set and validated properly | |
| Unsafe Redirect (Unvalidated Redirect) | Tests if various application parameters are vulnerable to injection of a malicious link which can redirect a user without validation | |
| User ID Enumeration | Tests if it is possible to collect valid user ID data by interacting with the target application | |
| Version Control System Data Leak | Tests if it is possible to access Version Control System (VCS) resources | |
| XML External Entity Injection | Tests if various XML parameters are vulnerable to XML parsing of unauthorized external entities | |
