Introduction
Auth Bypass
- Python - Auth Bypass
- NodeJS - Auth Bypass
Auth Bypass - 1
- Python - Auth Bypass - 1
- NodeJS - Auth Bypass - 1
- Java - Auth Bypass - 1
Auth Bypass - 2
- Python - Auth Bypass - 2
- NodeJS - Auth Bypass - 2
- Java - Auth Bypass - 2
Auth-bypass - 3
- Python - Auth-bypass - 3
- NodeJS - Auth-bypass - 3
- Java - Auth-bypass - 3
Auth-bypass - Simple
- Python - Auth-bypass - Simple
- NodeJS - Auth-bypass - Simple
- Java - Auth-bypass - Simple
Client Side Restriction Bypass
- Python - Client Side Restriction Bypass
- NodeJS - Client Side Restriction Bypass
- Java - Client Side Restriction Bypass
Client Side Restriction Bypass - Harder
- Python - Client Side Restriction Bypass - Harder
- NodeJS - Client Side Restriction Bypass - Harder
- Java - Client Side Restriction Bypass - Harder
Client Side Template Injection (CSTI)
- Python - Client Side Template Injection (CSTI)
- NodeJS - Client Side Template Injection (CSTI)
- Java - Client Side Template Injection (CSTI)
Command Injection (CMD)
- Python - Command Injection (CMD)
- NodeJS - Command Injection (CMD)
- Java - Command Injection (CMD)
Command Injection 2 (CMD-2)
- Python - Command Injection 2 (CMD-2)
- NodeJS - Command Injection 2 (CMD-2)
- Java - Command Injection 2 (CMD-2)
Command Injection 3 (CMD-3)
- Python - Command Injection 3 (CMD-3)
- Java - Command Injection 3 (CMD-3)
Command Injection 4 (CMD-4)
- Python - Command Injection 4 (CMD-4)
- NodeJS - Command Injection 4 (CMD-4)
- Java - Command Injection 4 (CMD-4)
Command Injection Blind (CMD-Blind)
- Python - Command Injection Blind (CMD-Blind)
- NodeJS - Command Injection Blind (CMD-Blind)
- Java - Command Injection Blind (CMD-Blind)
Content-Security-Policy (CSP)
- Python - Content-Security-Policy (CSP)
- NodeJS - Content-Security-Policy (CSP)
- Java - Content-Security-Policy (CSP)
CORS exploitation
- Python - CORS exploitation
- Java - CORS exploitation
Credentials Guessing
- Python - Credentials Guessing
- NodeJS - Credentials Guessing
- Java - Credentials Guessing
Credentials Guessing - 2
- Python - Credentials Guessing - 2
- NodeJS - Credentials Guessing - 2
- Java - Credentials Guessing - 2
Cross Site Scripting (XSS)
- Python - XSS
- NodeJS - XSS
- Java - XSS
Cross Site Scripting - Attribute (XSS-Attribute)
- Python - XSS-Attribute
- NodeJS - XSS-Attribute
Cross Site Scripting - href (XSS-href)
- Python - XSS-href
- NodeJS - XSS-href
- Java - XSS-href
Cross Site Scripting - DOM (XSS-DOM)
- Python - XSS-DOM
- NodeJS - XSS-DOM
- Java - XSS-DOM
Cross Site Scripting - DOM-2 (XSS-DOM-2)
- Python - XSS-DOM-2
- NodeJS - XSS-DOM-2
- Java - XSS-DOM-2
Cross Site Scripting - Stored (XSS-Stored)
- Java - XSS-Stored
CSRF
- Python - CSRF
- NodeJS - CSRF
- Java - CSRF
CSRF - Samesite
- Python - CSRF-SameSite
- NodeJS - CSRF-SameSite
- Java - CSRF-SameSite
CSRF - Weak
- Python - CSRF-Weak
- NodeJS - CSRF-Weak
- Java - CSRF-Weak
CSS Injection (CSSI)
- Python - CSS Injection (CSSI)
- NodeJS - CSS Injection (CSSI)
- Java - CSS Injection (CSSI)
Deserialisation Java (DES-Java)
- Java - Deserialisation Java (DES-Java)
Deserialisation Yaml (DES-Yaml)
- Python - Deserialisation Yaml (DES-Yaml)
Deserialisation Pickle (DES-Pickle)
- Python - Deserialisation Pickle (DES-Pickle)
Deserialisation Pickle 2 (DES-Pickle-2)
- Python - Deserialisation Pickle 2 (DES-Pickle-2)
DoS Regex
- Python - DoS Regex
- NodeJS - DoS Regex
- Java - DoS Regex
File upload
- Python - File-Upload
- NodeJS - File-Upload
- Java - File-Upload
Formula Injection
- Python - Formula Injection
- NodeJS - Formula Injection
- Java - Formula Injection
GraphQL DOS
- Python - GraphQL DOS
GraphQL IDOR
- Python - GraphQL IDOR
- NodeJS - GraphQL IDOR
- Java - GraphQL IDOR
GraphQL Injections
- Python - GraphQL Injections
- NodeJS - GraphQL Injections
- Java - GraphQL Injections
GraphQL Introspection
- Python - GraphQL Introspection
- NodeJS - GraphQL Introspection
- Java - GraphQL Introspection
GraphQL Mutations
- Python - GraphQL Mutations
- NodeJS - GraphQL Mutations
- Java - GraphQL Mutations
Host Header Injection (Authentication Bypass)
- Python - HttpOnly Session Hijacking XSS
HttpOnly Session Hijacking XSS
- Python - HttpOnly Session Hijacking XSS
- NodeJS - HttpOnly Session Hijacking XSS
- Java - HttpOnly Session Hijacking XSS
Information Leakeage in Comments
- Python - Information Leakeage in Comments
- NodeJS - Information Leakeage in Comments
- Java - Information Leakeage in Comments
Information Leakeage in Metadata
- Python - Information Leakeage in Metadata
- NodeJS - Information Leakeage in Metadata
- Java - Information Leakeage in Metadata
Insecure Direct Object References (IDOR)
- Python - Insecure Direct Object References (IDOR)
- NodeJS - Insecure Direct Object References (IDOR)
- Java - Insecure Direct Object References (IDOR)
JWT Null
- Python - JWT Null
- NodeJS - JWT Null
- Java - JWT Null
JWT Secret
- Python - JWT Secret
- NodeJS - JWT Secret
- Java - JWT Secret
Ldap Injection
- Python - Ldap Injection
- NodeJS - Ldap Injection
- Java - Ldap Injection
Ldap Injection - harder
- Python - Ldap Injection - harder
- NodeJS - Ldap Injection - harder
- Java - Ldap Injection - harder
Local File Inclusion 1 (LFI-1)
- Python - Local File Inclusion 1 (LFI-1)
- NodeJS - Local File Inclusion 1 (LFI-1)
- Java - Local File Inclusion 1 (LFI-1)
Local File Inclusion 2 (LFI-2)
- Python - Local File Inclusion 2 (LFI-2)
- NodeJS - Local File Inclusion 2 (LFI-2)
- Java - Local File Inclusion 2 (LFI-2)
Local File Inclusion 3 (LFI-3)
- Python - Local File Inclusion 3 (LFI-3)
- NodeJS - Local File Inclusion 3 (LFI-3)
- Java - Local File Inclusion 3 (LFI-3)
Parameter Binding
- Ruby - Parameter Binding
- NodeJS - Parameter Binding
- Java - Parameter Binding
Prototype Pollution
- NodeJS - Prototype Pollution
Race Condition
- Python - Race Condition
- NodeJS - Race Condition
- Java - Race Condition
Race Condition File-Write
- Python - Race Condition File-Write
- NodeJS - Race Condition File-Write
- Java - Race Condition File-Write
Ratelimiting (Brute-force login)
- Python - Ratelimiting
- NodeJS - Ratelimiting
- Java - Ratelimiting
Remote File Inclusion (RFI)
- Python - Remote File Inclusion (RFI)
- NodeJS - Remote File Inclusion (RFI)
- Java - Remote File Inclusion (RFI)
Right To Left Override (RTLO)
- Python - Right To Left Override (RTLO)
- NodeJS - Right To Left Override (RTLO)
- Java - Right To Left Override (RTLO)
Server Side Request Forgery (SSRF)
- Python - Server Side Request Forgery (SSRF)
- NodeJS - Server Side Request Forgery (SSRF)
Server Side Template Injection (SSTI)
- Python - Server Side Template Injection (SSTI)
- Java - Server Side Template Injection (SSTI)
Session Hijacking XSS * * *
Session Puzzling
- Python - Session Puzzling
- NodeJS - Session Puzzling
- Java - Session Puzzling
Session Management 1
- Python - Session Management 1
SQLI (Union)
- Python - SQLI (Union)
- NodeJS - SQLI (Union)
- Java - SQLI (Union)
SQLI Login Bypass
- Python - Login Bypass
SQLI (Like)
- Python - SQLI (Like)
- NodeJS - SQLI (Like)
- Java - SQLI (Like)
SQLI (Blind)
- Python - SQLI (Blind)
- NodeJS - SQLI (Blind)
- Java - SQLI (Blind)
TLS Downgrade
- Python - TLS Downgrade
Untrusted Sources (XSSI)
- Python - Untrusted Sources (XSSI)
- NodeJS - Untrusted Sources (XSSI)
- Java - Untrusted Sources (XSSI)
URL Redirection
- Python - URL Redirection
- NodeJS - URL Redirection
- Java - URL Redirection
URL Redirection - Harder
- Python - URL Redirection - Harder
- NodeJS - URL Redirection - Harder
- Java - URL Redirection - Harder
URL Redirection - Harder-2
- Python - URL Redirection - Harder-2
- NodeJS - URL Redirection - Harder-2
- Java - URL Redirection - Harder-2
WebSocket Message Manipulation
- Python - WebSocket Message Manipulation
XML External Entity (XXE)
- Python - XXE
- NodeJS - XXE
- Java - XXE
Exposed docker daemon
- Python - Exposed docker daemon
Insecure Random
- Python - Insecure Random
template item

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SUMMARY.md

SUMMARY.md

Table of contents

Files

SUMMARY.md

Latest commit

History

SUMMARY.md

File metadata and controls

Table of contents