A collection of web security exploitation techniques and vulnerability writeups.
- SQL Injection - Various SQLi techniques, bypass methods, and automated tools
- Cross-Site Scripting (XSS) - DOM-based, stored, reflected XSS with real-world examples
- Cross-Site Request Forgery (CSRF) - Exploitation and protection bypass techniques
- Server-Side Request Forgery (SSRF) - Internal network access and cloud metadata exploitation
- File Upload Vulnerabilities - Bypassing filters and achieving RCE
- Command Injection - OS command execution techniques
- XXE (XML External Entity) - File read, SSRF, and RCE through XML parsing
- Bug Bounty Reports - Anonymized real-world bug bounty submissions
- CTF Solutions - Walkthroughs of web security challenges
- CVE Analysis - In-depth analysis of disclosed vulnerabilities
- Real-World Scenarios - Practical exploitation scenarios from assessments
- Custom exploitation scripts
- Payload generators
- Reconnaissance automation
- Proof-of-Concept (PoC) code
- Web application testing methodology
- Source code review techniques
- API security testing
- Authentication/Authorization testing

Contributions are welcome! Please:
- Fork the repository
- Create a feature branch
- Add your technique/writeup with clear explanations
- Submit a pull request
- OWASP Foundation
- Security researchers and bug bounty hunters
- Open source security tools developers
- The security community
