Introduction

Cross Site Scripting (XSS)

Cross Site Scripting - Attribute (XSS-Attribute)

Cross Site Scripting - href (XSS-href)

Cross Site Scripting - DOM (XSS-DOM)

Cross Site Scripting - DOM-2 (XSS-DOM-2)

CSRF

CSRF - Samesite

CSRF - Weak

XML External Entity (XXE)

File upload

Clickjacking

Ratelimiting (Brute-force login)

HttpOnly Session Hijacking XSS

Host Header Injection (Authentication Bypass)

Exposed docker daemon

SQLI (Union)

SQLI Login Bypass

SQLI (Like)

SQLI (Blind)

URL Redirection

URL Redirection - Harder

URL Redirection - Harder-2

Formula Injection

Client Side Template Injection (CSTI)

CORS exploitation

Parameter Binding

Local File Inclusion 1 (LFI-1)

Local File Inclusion 2 (LFI-2)

Local File Inclusion 3 (LFI-3)

Remote File Inclusion (RFI)

Content-Security-Policy (CSP)

Session Puzzling

Command Injection (CMD)

Command Injection 2 (CMD-2)

Command Injection 3 (CMD-3)

Command Injection 4 (CMD-4)

Command Injection Blind (CMD-Blind)

Server Side Request Forgery (SSRF)

Server Side Template Injection (SSTI)

Insecure Direct Object References (IDOR)

Deserialisation Yaml (DES-Yaml)

Deserialisation Pickle (DES-Pickle)

Deserialisation Pickle 2 (DES-Pickle-2)

GraphQL DOS

GraphQL IDOR

GraphQL Injections

GraphQL Introspection

GraphQL Mutations

JWT Null

JWT Secret

Race Condition

Race Condition File-Write

DoS Regex

Information Leakeage in Comments

Information Leakeage in Metadata

Auth Bypass

Auth Bypass - 1

Auth Bypass - 2

Auth-bypass - 3

Auth-bypass - Simple

Untrusted Sources (XSSI)

WebSocket Message Manipulation

Session Management 1

Client Side Restriction Bypass

Client Side Restriction Bypass - Harder

Credentials Guessing

Credentials Guessing - 2

CSS Injection (CSSI)

Prototype Pollution

Right To Left Override (RTLO)

Ldap Injection

Ldap Injection - harder

template item