Security Misconfigurations

Directory Traversal/Path Traversal

Directory traversal allows attackers to access files and directories stored outside of the root folder. These vulnerabilities can be manipulated using the dot-dot-slash sequence to reference absolute file paths and access critical/sensitive information.

Cookie Manipulation Attacks

This is sometimes referred to as a stored DOM-based attack, cookie manipulation is possible when vulnerable apps store user input and then embed it in a response within part of the DOM.