PHP
Missing Field Delimiter
// Sinks
$hash = hash_hmac('md5', $username . $expiration, $key); // Username and expiration are concatenated with no delimiter, so different field pairs can produce the same input string (e.g. 'admin' . '12345' and 'admin1' . '2345' both give 'admin12345') and therefore the same HMAC
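Added example (not code from the original page): the same delimiter-free construction in Python, showing that two distinct (username, expiration) pairs verify with one tag, beside a length-prefixed encoding that makes each pair encode uniquely. The key is a constructed placeholder.

```python
import hashlib
import hmac

KEY = b"example-key"  # constructed placeholder, not a real secret


def mac_unsafe(username: str, expiration: str, key: bytes = KEY) -> str:
    # Mirrors the PHP sink: the two fields are joined with no delimiter,
    # so the boundary between them is lost before the MAC is computed.
    msg = (username + expiration).encode()
    return hmac.new(key, msg, hashlib.md5).hexdigest()


def encode_fields(*fields: str) -> bytes:
    # Length-prefix every field (4-byte big-endian length, then bytes).
    # Each tuple of fields has exactly one encoding, whatever the fields
    # contain, so there is no way to shift bytes between them.
    out = b""
    for f in fields:
        data = f.encode()
        out += len(data).to_bytes(4, "big") + data
    return out


def mac_safe(username: str, expiration: str, key: bytes = KEY) -> str:
    # Unambiguous encoding plus a modern hash for the HMAC.
    return hmac.new(key, encode_fields(username, expiration),
                    hashlib.sha256).hexdigest()


def verify_safe(username: str, expiration: str, tag: str,
                key: bytes = KEY) -> bool:
    # Constant-time comparison of the recomputed tag against the presented one.
    return hmac.compare_digest(mac_safe(username, expiration, key), tag)
```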
JavaScript
Directory Traversal
// Sinks
path.join(options.path, sessionId + options.fileExtension); // Directory Traversal (https://koumudi-garikipati.medium.com/directory-traversal-in-express-js-55a8e852fb41)
Golang
LDAP Injection
// Sinks
fmt.Sprintf(cfg.SearchQuery, username) // LDAP injection: unsanitised username is substituted straight into the filter string
fmt.Sprintf(cfg.SearchQuery, ldap.EscapeFilter(username)) // Fixed: escape filter metacharacters in the value before substitution
Ruby on Rails
Insecure Data Storage
if session[:brute_force_attempt] > 3 # The default Rails session lives in a signed client-side cookie; the signature stops tampering, but the client can keep presenting an older cookie so the counter never increments (https://www.justinweiss.com/articles/how-rails-sessions-work/)
