Skip to main content

Database of all known hacking methods [Resolved]

As the internet is growing bigger and bigger, different kinds and methods of attack have been invented And there’s (anonymous) hackers who are willing to share these methods. I am wondering if there’s a database that records all known hacking methods and what exploits they used?


Question Credit: Andrew-at-TW
Question Reference
Asked March 25, 2019
Posted Under: Security
16 views
1 Answers

It's not that easy...

Example 1

Let's take SQL Injections as an example. You see a site like example.com/?page=1 and you try to change it to example.com/?page=1'. Suddenly you get an SQL error printed.

Is this a hacking method or an individual exploit?

Example 2

Take a local kiosk system with an attached keyboard. By pressing Win+R, I was able to start a command line and add a new local user.

Is this a hacking method or an individual exploit?

Example 3

ImageMagick is a popular image manipulation tool, with many bindings to popular platforms. It had a vulnerability which allowed me to upload files in mvg and svg format, which contained special schemas that allowed me to read and modify local files of the server.

Is this a hacking method or an individual exploit?

Methods versus Exploits

As I was hopefully able to demonstrate, it is difficult to judge what is considered a method and what is considered an individual exploit. Quite often, a "method" is just a very widespread vulnerability, such as insufficient output encoding, leading to all sorts of injection attacks.

It can also happen that potentially exploitable vulnerabilities are forgotten, such as it was the case with scriptless attacks. The paper is from 2012, yet I recall mentions of CSS-based keyloggers as early as 2005*1*.

If you are interested in learning about various exploit techniques, I recommend looking at real exploits, such as posted on Exploit-DB and try to understand how they work. If you come across a specific exploit and don't understand it in detail, I'm sure a well-written question here will give you high-quality answers. Sadly, there is no way to just look up a bunch of techniques Wikipedia-style and suddenly become üb3r1337 - similar to how you can't read a bunch of programming paradigms and become a rockstar developer.


1Although please don't quote me on that exact date.


credit: MechMK1
Answered March 25, 2019
Your Answer