
Appendix - Vulnerability Types

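| Vulnerability type | English name | Abbreviation |
| --- | --- | --- |
| Cross-site scripting | Cross Site Scripting | xss |
| Cross-site request forgery | Cross Site Request Forgery | csrf |
| SQL injection | SQL Injection | sqli |
| LDAP injection | LDAP Injection | ldapi |
| Null byte injection | Null Byte Injection | nullbytei |
| CRLF injection | CRLF Injection | crlfi |
| SSI injection | Server-Side Includes Injection / SSI Injection | ssii |
| XPath injection | XPath Injection | xpathi |
| XML injection | XML Injection | xxe |
| XQuery injection | XQuery Injection | xqueryi |
| Command execution | Command Execution | cmd-exec |
| Code execution | Code Execution | code-exec |
| Remote file inclusion | Remote File Inclusion | rfi |
| Local file inclusion | Local File Inclusion | lfi |
| Function abuse | Abuse of Functionality | func-abuse |
| Brute force | Brute Force | brute-force |
| Buffer overflow | Buffer Overflow | buffer-overflow |
| Content spoofing | Content Spoofing | spoofing |
| Credential prediction | Credential Prediction | credential-prediction |
| Session prediction | Session Prediction | session-prediction |
| Denial of service | Denial of Service | dos |
| Format string | Format String | format-string |
| HTTP response forgery | HTTP Response Smuggling | http-response-smuggling |
| HTTP response splitting | HTTP Response Splitting | http-response-splitting |
| HTTP request splitting | HTTP Request Splitting | http-request-splitting |
| HTTP request forgery | HTTP Request Smuggling | http-request-smuggling |
| HTTP parameter pollution | HTTP Parameter Pollution | hpp |
| Integer overflow | Integer Overflows | int-overflow |
| Predictable resource location | Predictable Resource Location | res-location |
| Session fixation | Session Fixation | session-fixation |
| URL redirection | URL Redirector Abuse | redirect |
| Privilege escalation | Privilege Escalation | privilege-escalation |
| Parsing error | Resolve Error | resolve-error |
| Arbitrary file creation | Arbitrary File Creation | file-creation |
| Arbitrary file download | Arbitrary File Download | file-download |
| Arbitrary file deletion | Arbitrary File Deletion | file-deletion |
| Backup file discovery | Backup File Found | bakfile-disclosure |
| Database discovery | Database Found | db-disclosure |
| Directory listing | Directory Listing | dir-listing |
| Directory traversal / path traversal | Directory Traversal | dir-traversal |
| File upload | File Upload | file-upload |
| Login bypass | Login Bypass | login-bypass |
| Weak password | Weak Password | weak-pass |
| Remote password change | Remote Password Change | remote-pass-change |
| Code disclosure | Code Disclosure | code-disclosure |
| Path disclosure | Path Disclosure | path-disclosure |
| Information disclosure | Information Disclosure | info-disclosure |
| Security mode bypass | Security Mode Bypass | sec-bypass |
| Planted malware | Malware | mal |
| Hidden link | Black Link | black-link |
| Backdoor | Backdoor | backdoor |
| Unauthorized access | Unauthorized Access | unauth |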