- Introduction
- KBID 1 - Path traversal (LFI)
- KBID 3 - Cross Site Scripting
- KBID 3 - Cross site scripting (attribute)
- KBID 3 - Cross site scripting (href)
- KBID 5 - CSRF
- KBID 6 - XXE
- KBID 13 - File upload
- KBID 20 - Clickjacking
- KBID 29 - Brute force login
- KBID 39 - HttpOnly session hijacking XSS
- KBID 44 - Authorisation missing
- KBID 45 - Exposed docker daemon
- KBID 46 - SQLI (Union)
- KBID 67 - Open Redirect Hard
- KBID 112 - CORS exploitation
- KBID 95 - Formula Injection
- KBID 147 - parameter binding attack
- KBID 156 - SQLI (Like)
- KBID 156 - SQLI (Blind)
- KBID 173 - Local File Inclusion
- KBID 173 - Remote File Inclusion
- KBID 178 - Content-Security-Policy
- KBID 262 - Server Side Request Forgery
- KBID 266 - Tabnabbing
- KBID 267 - SSTI
- KBID 268 - Insecure direct object references
- KBID 7006 - JWT Null
- KBID 7006 - JWT Secret
- KBID XXX - Deserialisation Yaml
- KBID XXX - Race Condition
- KBID XXX - DoS Regex
- KBID XXX - Command Injection 1
- KBID XXX - Command Injection 2
- KBID XXX - Information Leakage in Comments
- KBID XXX - Information Leakage in Metadata
- Blind command injection
- KBID 250 - Session Puzzling
- template