Clankerusecase
Web App detection coverage

🌐 Web App detections

Clankerusecase tracks 25 detection use cases covering the Web App attack surface across 20 MITRE ATT&CK techniques.

Application-layer detections — WAF telemetry, SQLi/XSS/SSRF/RCE, API findings.

- 25 use cases
- 20 techniques
- 7 articles
- 3 kill-chain phases

Top techniques on Web App (20)

Delivery (14)

- Authentication not detected on admin API endpoint | Internal delivery · hunting | DD
- Unauthenticated route returns sensitive PII | Internal delivery · alerting | DD
- JWT authentication bypass attempt | Internal delivery · alerting | DD
- Local File Inclusion (LFI) exploited | Internal delivery · alerting | DD
- Spring4Shell RCE attempts (CVE-2022-22963) | Internal delivery · alerting | DD
- Application user activity from Tor | Internal delivery · alerting | DD
- Command injection exploited (WAF detection) | Internal delivery · alerting | DD
- Credential-stuffing attack on application | Internal delivery · alerting | DD
- Distributed credential-stuffing campaign | Internal delivery · alerting | DD
- Impossible travel from application business-logic event | Internal delivery · alerting | DD
- Log4Shell RCE attempts (CVE-2021-44228) | Internal delivery · alerting | DD
- SQL injection exploited (WAF detection) | Internal delivery · alerting | DD
- SSRF exploited (WAF detection) | Internal delivery · alerting | DD
- [LLM] Mailcow quarantine XSS via EICAR + HTML in attachment filename (GHSA-2xjc-rg88-jvpp) | Bespoke delivery · alerting | DSΣPDD

Exploitation (9)

- [LLM] AVideo YPTSocket plugin XSS injection via webSocketSelfURI/page_title query strings | Bespoke exploit · alerting | DSΣPDD
- [LLM] zrok ProxyShare SSRF — request path begins with absolute URL (CVE-2026-45568) | Bespoke exploit · hunting | DSΣPDDCS
- Article-specific behavioural hunt — [GHSA / CRITICAL] CVE-2026-44990: Apostrophe has default XSS via `xmp` raw-text | Bespoke exploit · hunting | DSP
- [LLM] sanitize-html xmp-tag XSS payload (CVE-2026-44990) in inbound HTTP request | Bespoke exploit · alerting | DSΣPDD
- Article-specific behavioural hunt — Multiple Cross-Site Scripting (XSS) Vulnerabilities in Mailcow | Bespoke exploit · hunting | DSP
- Article-specific behavioural hunt — Persistent XSS/RCE using WebSockets in Storybook’s dev server | Bespoke exploit · hunting | DSP
- [LLM] Astro SSRF (CVE-2026-25545) — Node.js egress fetch for /404.html or /500.html with UA 'node' | Bespoke exploit · alerting | DSΣPDD
- Article-specific behavioural hunt — Understanding and mitigating the Jinja2 XSS vulnerability (CVE-2024-22195) | Bespoke exploit · hunting | DSP
- [LLM] Jinja2 xmlattr XSS exploitation attempt in HTTP request parameters (CVE-2024-22195) | Bespoke exploit · alerting | SΣP

Actions on Objectives (2)

- Excessive resource consumption of third-party API | Internal actions · hunting | DD
- Application data exfiltration successful | Internal actions · alerting | DD

Recent articles citing Web App-targeted detections