Path traversal, also known as directory traversal, is a vulnerability that allows an attacker to access files and directories stored outside the intended directory. By exploiting improper validation of user-supplied input, attackers can manipulate file paths to access sensitive system files, configuration files, or any other data stored on the server.
CSRF is a security vulnerability that tricks a victim into performing unintended actions on a web application where they are authenticated. By exploiting the trust that a website places in the user’s browser, attackers can force users to execute actions without their consent or knowledge.
SQL Injection is a code injection technique that exploits a software vulnerability within the database query layer. This occurs when an application does not properly sanitise or neutralise special elements in SQL statements. Attackers craft malicious inputs to manipulate queries, gaining unauthorised access to databases or manipulating data.
Out-of-bounds write vulnerabilities (CWE-787) are among the most dangerous weaknesses in software development. If left unchecked, these vulnerabilities can have significant repercussions, including data corruption, service outages, and, in the worst cases, remote code execution.
An out-of-bounds write occurs when a program writes data outside the bounds of allocated memory, causing code compromise in the software.
At its core, XSS exploits the trust a user places in a web application. By manipulating input fields, URLs, or other interactive elements, attackers can introduce scripts that execute commands, steal sensitive information, or alter website functionality.