_LEARNING_AND_SOCIALS
_template_vuln
Account Takeover
API Key Leaks
assets
Brute Force Rate Limit
Business Logic Errors
Clickjacking
Client Side Path Traversal
Command Injection
CONTRIBUTING
CORS Misconfiguration
CRLF Injection
Cross-Site Request Forgery
CSV Injection
CVE Exploits
Denial of Service
Dependency Confusion
Directory Traversal
DISCLAIMER
DNS Rebinding
DOM Clobbering
Encoding Transformations
External Variable Modification
File Inclusion
Google Web Toolkit
GraphQL Injection
Headless Browser
Hidden Parameters
HTTP Parameter Pollution
Insecure Deserialization
Insecure Direct Object References
Insecure Management Interface
Insecure Randomness
Insecure Source Code Management
Java RMI
JSON Web Token
LaTeX Injection
LDAP Injection
Mass Assignment
Methodology and Resources
NoSQL Injection
OAuth Misconfiguration
Open Redirect
ORM Leak
Prompt Injection
Prototype Pollution
Race Condition
Regular Expression
Request Smuggling
Reverse Proxy Misconfigurations
SAML Injection
search
Server Side Include Injection
Server Side Request Forgery
Server Side Template Injection
SQL Injection
Tabnabbing
Type Juggling
Upload Insecure Files
Virtual Hosts
Web Cache Deception
Web Sockets
XPATH Injection
XSLT Injection
XSS Injection
XXE Injection
Zip Slip
.nojekyll
404.html
custom.css
index.html
LICENSE
mkdocs.yml
sitemap.xml
sitemap.xml.gz