1、命令注入(Command Injection)
http://www.myhack58.com/Article/60/61/2011/31118.htm
2、eval注入(Eval Injection)
http://www.myhack58.com/Article/60/61/2011/31118_2.htm
3、客户端脚本攻击(Script Insertion)
http://www.myhack58.com/Article/60/61/2011/31119.htm
4、跨网站脚本攻击(Cross Site Scripting, XSS)
http://www.myhack58.com/Article/60/61/2011/31120.htm
5、SQL注入攻击(SQL injection)
http://www.myhack58.com/Article/60/61/2011/31121.htm
6、跨网站请求伪造攻击(Cross Site Request Forgeries, CSRF)
http://www.myhack58.com/Article/60/61/2011/31122.htm
7、Session 会话劫持(Session Hijacking)
http://www.myhack58.com/Article/60/61/2011/31123.htm
8、Session 固定攻击(Session Fixation)
9、HTTP响应拆分攻击(HTTP Response Splitting)
http://www.myhack58.com/Article/60/61/2011/31124.htm
10、文件上传漏洞(File Upload Attack)
http://www.myhack58.com/Article/60/61/2011/31125.htm
12、远程文件包含攻击(Remote Inclusion)
13、动态函数注入攻击(Dynamic Variable Evaluation)
14、URL攻击(URL attack)
15、表单提交欺骗攻击(Spoofed Form Submissions)
16、HTTP请求欺骗攻击(Spoofed HTTP Requests)