Add comprehensive OWASP Top 10 directory structure with injection payloads

Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
2026-05-26 19:36:33 +00:00 · 2026-01-04 18:24:32 +00:00
parent ef35e279c7
commit ab9c127df3
28 changed files with 1240 additions and 1 deletions
@@ -0,0 +1,14 @@
+# A06 - Vulnerable and Outdated Components
+
+## Description
+Components run with the same privileges as the application itself, so flaws in any component can result in serious impact. Applications using components with known vulnerabilities may undermine application defenses and enable various attacks and impacts.
+
+## Common Vulnerabilities
+- Outdated libraries
+- Unpatched systems
+- Vulnerable dependencies
+- End-of-life software
+- Unknown component inventory
+
+## Testing Approach
+Identify component versions, check for known CVEs, analyze dependency trees, and use vulnerability scanners.
@@ -0,0 +1,45 @@
+# Common Vulnerable Components to Check
+
+# JavaScript libraries
+jquery-1.x.x (Multiple XSS vulnerabilities)
+jquery-2.x.x (Before 2.2.0 - XSS)
+angular-1.x.x (Template injection)
+lodash-4.17.x (Prototype pollution)
+bootstrap-3.x.x (XSS vulnerabilities)
+moment.js (ReDoS)
+axios-0.18.x (SSRF)
+
+# Java libraries
+log4j-2.x (Log4Shell - CVE-2021-44228)
+spring-framework-4.x.x (Spring4Shell)
+struts-2.x.x (Multiple RCE)
+commons-collections-3.x (Deserialization)
+jackson-databind (Deserialization issues)
+
+# Python packages
+django-1.x.x (Multiple security issues)
+flask-0.x.x (Various vulnerabilities)
+requests-2.x.x (Security issues)
+pillow-<8.3.2 (Path traversal)
+pyyaml-<5.4 (Arbitrary code execution)
+
+# PHP libraries
+phpmailer-<6.5.0 (RCE)
+wordpress-<5.8 (Multiple vulnerabilities)
+symfony-<4.4.35 (Various issues)
+laravel-<8.75 (Authentication bypass)
+
+# Ruby gems
+rails-<6.1.4.2 (Multiple CVEs)
+devise-<4.8.0 (Security issues)
+nokogiri-<1.11.4 (XXE)
+
+# .NET packages
+Newtonsoft.Json-<13.0.1 (Deserialization)
+System.Text.Json-<5.0.2 (DoS)
+
+# Version detection strings
+Server: Apache/2.4.49 (Vulnerable to path traversal)
+X-Powered-By: PHP/7.3.0 (EOL)
+X-AspNet-Version: 4.0.30319
+Server: nginx/1.10.3 (Outdated)