{"id":1400,"date":"2025-01-07T18:13:02","date_gmt":"2025-01-07T12:43:02","guid":{"rendered":"https:\/\/www.techandtrain.com\/blog\/?p=1400"},"modified":"2025-10-22T14:50:33","modified_gmt":"2025-10-22T09:20:33","slug":"list-of-hacking-types-you-should-be-protecting-your-website-portal-against-part-1","status":"publish","type":"post","link":"https:\/\/www.techandtrain.com\/blog\/2025\/01\/list-of-hacking-types-you-should-be-protecting-your-website-portal-against-part-1\/","title":{"rendered":"List of hacking types you should be protecting your website \/ portal against – Part 1"},"content":{"rendered":"\n

Comprehensive List of Website Hacking Types (100+) sourced from ChatGPT<\/h3>\n\n\n\n
    \n
  1. SQL Injection<\/li>\n\n\n\n
  2. Blind SQL Injection<\/li>\n\n\n\n
  3. Boolean-Based SQL Injection<\/li>\n\n\n\n
  4. Time-Based SQL Injection<\/li>\n\n\n\n
  5. Error-Based SQL Injection<\/li>\n\n\n\n
  6. Cross-Site Scripting (XSS)<\/li>\n\n\n\n
  7. Reflected XSS<\/li>\n\n\n\n
  8. Stored XSS<\/li>\n\n\n\n
  9. DOM-Based XSS<\/li>\n\n\n\n
  10. Cross-Site Request Forgery (CSRF)<\/li>\n\n\n\n
  11. Clickjacking<\/li>\n\n\n\n
  12. Remote File Inclusion (RFI)<\/li>\n\n\n\n
  13. Local File Inclusion (LFI)<\/li>\n\n\n\n
  14. Directory Traversal<\/li>\n\n\n\n
  15. Session Hijacking<\/li>\n\n\n\n
  16. DNS Spoofing<\/li>\n\n\n\n
  17. Man-in-the-Middle (MITM) Attack<\/li>\n\n\n\n
  18. Brute Force Attack<\/li>\n\n\n\n
  19. Credential Stuffing<\/li>\n\n\n\n
  20. Dictionary Attack<\/li>\n\n\n\n
  21. Code Injection<\/li>\n\n\n\n
  22. Command Injection<\/li>\n\n\n\n
  23. XML External Entities (XXE)<\/li>\n\n\n\n
  24. HTTP Host Header Attack<\/li>\n\n\n\n
  25. Broken Authentication<\/li>\n\n\n\n
  26. Sensitive Data Exposure<\/li>\n\n\n\n
  27. Security Misconfiguration<\/li>\n\n\n\n
  28. Insecure Deserialization<\/li>\n\n\n\n
  29. Server-Side Request Forgery (SSRF)<\/li>\n\n\n\n
  30. Denial of Service (DoS)<\/li>\n\n\n\n
  31. Distributed Denial of Service (DDoS)<\/li>\n\n\n\n
  32. Path Manipulation<\/li>\n\n\n\n
  33. Subdomain Takeover<\/li>\n\n\n\n
  34. Open Redirect<\/li>\n\n\n\n
  35. Cache Poisoning<\/li>\n\n\n\n
  36. Business Logic Attack<\/li>\n\n\n\n
  37. Social Engineering<\/li>\n\n\n\n
  38. Zero-Day Exploit<\/li>\n\n\n\n
  39. Exploit Kits<\/li>\n\n\n\n
  40. Malware Injection<\/li>\n\n\n\n
  41. Web Shell Attack<\/li>\n\n\n\n
  42. Phishing<\/li>\n\n\n\n
  43. Spear Phishing<\/li>\n\n\n\n
  44. Whaling<\/li>\n\n\n\n
  45. Content Spoofing<\/li>\n\n\n\n
  46. Parameter Tampering<\/li>\n\n\n\n
  47. URL Manipulation<\/li>\n\n\n\n
  48. Cookie Poisoning<\/li>\n\n\n\n
  49. HTTP Response Splitting<\/li>\n\n\n\n
  50. Broken Access Control<\/li>\n\n\n\n
  51. API Abuse<\/li>\n\n\n\n
  52. Side-Channel Attack<\/li>\n\n\n\n
  53. Supply Chain Attack<\/li>\n\n\n\n
  54. CSP Bypass (Content Security Policy Bypass)<\/li>\n\n\n\n
  55. OAuth Misconfiguration<\/li>\n\n\n\n
  56. DOM-Based XSS<\/li>\n\n\n\n
  57. Web Cache Deception<\/li>\n\n\n\n
  58. CRLF Injection<\/li>\n\n\n\n
  59. Eavesdropping<\/li>\n\n\n\n
  60. Remote Code Execution (RCE)<\/li>\n\n\n\n
  61. Privilege Escalation<\/li>\n\n\n\n
  62. SQL Truncation Attack<\/li>\n\n\n\n
  63. Timing Attack<\/li>\n\n\n\n
  64. Padding Oracle Attack<\/li>\n\n\n\n
  65. Credential Harvesting<\/li>\n\n\n\n
  66. Session Fixation<\/li>\n\n\n\n
  67. URL Redirection Attack<\/li>\n\n\n\n
  68. HTTP Parameter Pollution (HPP)<\/li>\n\n\n\n
  69. Race Condition<\/li>\n\n\n\n
  70. Slowloris Attack<\/li>\n\n\n\n
  71. DNS Amplification Attack<\/li>\n\n\n\n
  72. Smurf Attack<\/li>\n\n\n\n
  73. Ping of Death<\/li>\n\n\n\n
  74. SYN Flood<\/li>\n\n\n\n
  75. TCP Hijacking<\/li>\n\n\n\n
  76. ICMP Flood<\/li>\n\n\n\n
  77. ARP Spoofing<\/li>\n\n\n\n
  78. Email Spoofing<\/li>\n\n\n\n
  79. Typosquatting<\/li>\n\n\n\n
  80. Watering Hole Attack<\/li>\n\n\n\n
  81. Malvertising<\/li>\n\n\n\n
  82. Click Fraud<\/li>\n\n\n\n
  83. Cookie Injection<\/li>\n\n\n\n
  84. Cookie Theft<\/li>\n\n\n\n
  85. Cookie Tampering<\/li>\n\n\n\n
  86. DNS Cache Poisoning<\/li>\n\n\n\n
  87. Command and Control (C2) Attack<\/li>\n\n\n\n
  88. Keylogging<\/li>\n\n\n\n
  89. Credential Reuse Attack<\/li>\n\n\n\n
  90. Watermarking Attack<\/li>\n\n\n\n
  91. Image-Based Attack (Steganography)<\/li>\n\n\n\n
  92. WebRTC Leak<\/li>\n\n\n\n
  93. Host Header Injection<\/li>\n\n\n\n
  94. Token Hijacking<\/li>\n\n\n\n
  95. Hidden Field Manipulation<\/li>\n\n\n\n
  96. Bypassing Input Validation<\/li>\n\n\n\n
  97. Null Byte Injection<\/li>\n\n\n\n
  98. File Upload Vulnerability<\/li>\n\n\n\n
  99. Cross-Origin Resource Sharing (CORS) Exploit<\/li>\n\n\n\n
  100. Cross-Origin Request Attack (COR)<\/li>\n\n\n\n
  101. Security Token Exposure<\/li>\n\n\n\n
  102. HTML Injection<\/li>\n\n\n\n
  103. Frame Injection<\/li>\n\n\n\n
  104. Tabnabbing<\/li>\n\n\n\n
  105. DNS Rebinding<\/li>\n\n\n\n
  106. HTTP Smuggling<\/li>\n\n\n\n
  107. HTTP Desync Attack<\/li>\n\n\n\n
  108. SSL Stripping<\/li>\n\n\n\n
  109. TLS Downgrade Attack<\/li>\n\n\n\n
  110. JavaScript Injection<\/li>\n\n\n\n
  111. Python Code Injection<\/li>\n\n\n\n
  112. Bash Injection<\/li>\n\n\n\n
  113. Shellshock Attack<\/li>\n\n\n\n
  114. Path Traversal<\/li>\n\n\n\n
  115. Symlink Attack<\/li>\n\n\n\n
  116. Broken Function Level Authorization<\/li>\n\n\n\n
  117. DNS Tunneling<\/li>\n\n\n\n
  118. WebSocket Injection<\/li>\n\n\n\n
  119. Parameter Pollution<\/li>\n\n\n\n
  120. Java Deserialization Attack<\/li>\n\n\n\n
  121. PHP Object Injection<\/li>\n\n\n\n
  122. Command Injection via Environment Variables<\/li>\n\n\n\n
  123. Header Injection<\/li>\n\n\n\n
  124. RegEx Injection<\/li>\n\n\n\n
  125. Server-Side Template Injection (SSTI)<\/li>\n\n\n\n
  126. PHP Code Injection<\/li>\n\n\n\n
  127. DOM Clobbering<\/li>\n\n\n\n
  128. Prototype Pollution<\/li>\n\n\n\n
  129. Buffer Overflow<\/li>\n\n\n\n
  130. Heap Overflow<\/li>\n\n\n\n
  131. Stack Overflow<\/li>\n\n\n\n
  132. Heap Spray Attack<\/li>\n\n\n\n
  133. Session Replay Attack<\/li>\n\n\n\n
  134. Token Replay Attack<\/li>\n\n\n\n
  135. Referrer Leakage<\/li>\n\n\n\n
  136. Weak Password Attack<\/li>\n\n\n\n
  137. Content Injection<\/li>\n\n\n\n
  138. Response Tampering<\/li>\n\n\n\n
  139. Email Injection<\/li>\n\n\n\n
  140. Path Manipulation Attack<\/li>\n\n\n\n
  141. JSON Injection<\/li>\n\n\n\n
  142. LDAP Injection<\/li>\n\n\n\n
  143. XPath Injection<\/li>\n\n\n\n
  144. iFrame Injection<\/li>\n\n\n\n
  145. Process Injection<\/li>\n\n\n\n
  146. Memory Corruption<\/li>\n\n\n\n
  147. Cross-Site History Manipulation<\/li>\n\n\n\n
  148. Drive-by Download Attack<\/li>\n\n\n\n
  149. Command Injection via Shell<\/li>\n\n\n\n
  150. Exposed Debug Endpoint<\/li>\n\n\n\n
  151. Rate Limiting Bypass<\/li>\n\n\n\n
  152. Anti-Automation Bypass<\/li>\n\n\n\n
  153. Automated Scanner Detection Bypass<\/li>\n\n\n\n
  154. WAF Bypass (Web Application Firewall)<\/li>\n\n\n\n
  155. Websocket Abuse<\/li>\n\n\n\n
  156. Multi-Factor Authentication (MFA) Bypass<\/li>\n\n\n\n
  157. Sensitive File Exposure<\/li>\n\n\n\n
  158. Default Credentials Exploit<\/li>\n\n\n\n
  159. Hidden Admin Panel Detection<\/li>\n\n\n\n
  160. Deprecated API Exploit<\/li>\n\n\n\n
  161. Weak CAPTCHA Protection<\/li>\n\n\n\n
  162. Insufficient Logging and Monitoring<\/li>\n\n\n\n
  163. Excessive Data Exposure<\/li>\n\n\n\n
  164. Improper Error Handling<\/li>\n\n\n\n
  165. Full Path Disclosure<\/li>\n\n\n\n
  166. WebRTC Exploit<\/li>\n\n\n\n
  167. Content Spoofing in HTML Emails<\/li>\n\n\n\n
  168. Vulnerable JavaScript Libraries<\/li>\n\n\n\n
  169. Browser Fingerprinting<\/li>\n\n\n\n
  170. Remote Desktop Exploit<\/li>\n\n\n\n
  171. SAML Injection<\/li>\n\n\n\n
  172. JWT Token Forgery<\/li>\n\n\n\n
  173. Firebase Misconfiguration<\/li>\n\n\n\n
  174. Server Misconfiguration<\/li>\n\n\n\n
  175. Third-Party Script Exploits<\/li>\n<\/ol>\n\n\n\n