- Introduction
- KBID 1 - Path traversal (LFI)
- KBID 3 - Cross Site Scripting
- KBID 3 - Cross site scripting (attribute)
- KBID 3 - Cross site scripting (href)
- KBID 5 - CSRF
- KBID 5 - CSRF - Samesite
- KBID 6 - XXE
- KBID 13 - File upload
- KBID 20 - Clickjacking
- KBID 29 - Brute force login
- KBID 39 - HttpOnly session hijacking XSS
- KBID 45 - Exposed docker daemon
- KBID 46 - SQLI (Union)
- KBID 67 - Open Redirect
- KBID 67 - Open Redirect Harder
- KBID 67 - Open Redirect Harder-2
- KBID 95 - Formula Injection
- KBID 111 - Client Side Template Injection
- KBID 112 - CORS exploitation
- KBID 147 - Parameter binding attack
- KBID 156 - SQLI (Like)
- KBID 156 - SQLI (Blind)
- KBID 173 - Local File Inclusion
- KBID 173 - Local File Inclusion-2
- KBID 173 - Local File Inclusion-3
- KBID 173 - Remote File Inclusion
- KBID 178 - Content-Security-Policy
- KBID 250 - Session Puzzling
- KBID 251 - Command Injection 1
- KBID 251 - Command Injection 2
- KBID 251 - Command Injection 3
- KBID 251 - Blind command injection
- KBID 262 - Server Side Request Forgery
- KBID 266 - Tabnabbing
- KBID 267 - SSTI
- KBID 268 - Insecure direct object references
- KBID 271 - Deserialisation Yaml
- KBID 271 - Deserialisation Pickle-1
- KBID 271 - Deserialisation Pickle-2
- KBID 285 - GraphQL DOS
- KBID 285 - GraphQL IDOR
- KBID 285 - GraphQL Injections
- KBID 285 - GraphQL Introspection
- KBID 285 - GraphQL Mutations
- KBID 7006 - JWT Null
- KBID 7006 - JWT Secret
- KBID XXX - Race Condition
- KBID XXX - DoS Regex
- KBID XXX - Information Leakage in Comments
- KBID XXX - Information Leakage in Metadata
- KBID XXX - Auth-bypass-1
- KBID XXX - Auth-bypass-2
- KBID XXX - Auth-bypass-3
- KBID XXX - XSSI (include files from untrusted sources)
- KBID XXX - TLS downgrade
- KBID XXX - Client side restriction bypass harder
- template