10 website vulnerabilities, to be introduced one by one in future videos

HTTP/2 Smuggling: Exploits discrepancies between HTTP/2 and HTTP/1.1 on the backend.
XXE via Office Open XML Parsers: Attackers inject malicious code into XML files during parsing.
SSRF via XSS in PDF Generators: It's actually about injecting JavaScript that gets a free ride when HTML, CSS, and JavaScript are converted to PDF.
XSS via SVG Files: Image uploads are common, and JavaScript can be injected here, leading to XSS.
Blind XSS: Injecting third-party scripts into form data can open up backends.
Web Cache Deception: Involves manipulating URL paths and cached content to trick servers into caching sensitive data.
Web Cache Poisoning: Be aware of the poison an attacker can store in the cache via unkeyed inputs. A poisoned cache can serve a nasty surprise to users.
h2c Smuggling: This vulnerability allows attackers to bypass controls via proxies when upgrading an HTTP/1.1 connection to h2c.
Second Order Subdomain Takeovers: Remember, a referenced domain can become a golden opportunity for attackers due to misconfigurations.
PostMessage Bugs: Misused JavaScript functions can open the door to cross-origin attacks.
For a detailed description, see this link:
https://labs.detectify.com/2021/09/30/10-types-web-vulnerabilities-often-missed/