This guide provides comprehensive coverage of web exploitation vulnerabilities, organized into separate detailed files for each vulnerability type.

Injection Attacks
- SQL Injection (SQLi)
- NoSQL Injection
- LDAP Injection
- Command Injection
- XPath Injection

Broken Authentication
- Credential Stuffing
- Brute Force Attacks
- Session Management Flaws
- Password Security Issues
- Multi-Factor Authentication

Sensitive Data Exposure
- Data at Rest
- Data in Transit
- Data in Use
- Data Exfiltration Methods
- Encryption Strategies

XML External Entity (XXE) Injection
- Classic XXE
- Blind XXE
- XXE SSRF
- XXE RCE
- PHP Wrappers

Broken Access Control
- IDOR (Insecure Direct Object Reference)
- Privilege Escalation
- Forced Browsing
- CORS Misconfiguration
- Host Header Injection

Security Misconfiguration
- Default Credentials
- Debug Mode Issues
- Directory Listing
- Cloud Misconfigurations
- Server Misconfigurations

Cross-Site Scripting (XSS)
- Stored XSS
- Reflected XSS
- DOM-Based XSS
- Blind XSS
- XSS Payloads and Bypasses

Insecure Deserialization
- Java Deserialization
- Python Pickle
- PHP Unserialize
- Node.js Deserialization
- Gadget Chains

Components with Known Vulnerabilities
- Log4Shell (CVE-2021-44228)
- Spring4Shell (CVE-2022-22965)
- Heartbleed, Shellshock
- Dependency Scanning
- Supply Chain Security

Insufficient Logging & Monitoring
- Logging Fundamentals
- Monitoring Fundamentals
- Detection Rules
- Incident Response
- SIEM Integration

Server-Side Request Forgery (SSRF)
- Basic SSRF
- Blind SSRF
- Cloud Metadata Access
- Internal Network Scanning
- Prevention Strategies

File Inclusion Vulnerabilities
- LFI (Local File Inclusion)
- RFI (Remote File Inclusion)
- PHP Wrappers
- LFI to RCE
- Prevention Strategies

HTTP Request Smuggling
- CL.TE Technique
- TE.CL Technique
- TE.TE Technique
- Bypass Techniques
- Prevention Strategies

Server-Side Template Injection (SSTI)
- Jinja2 SSTI
- FreeMarker SSTI
- EJS SSTI
- Twig SSTI
- Prevention Strategies

Additional Exploitation Categories
- Path Traversal
- CSRF (Cross-Site Request Forgery)
- Open Redirect
- WebSocket Security
- GraphQL Vulnerabilities

For learning:
- Start with the vulnerability type you're interested in
- Read the overview and fundamentals
- Study the payload examples
- Understand the detection methodology
- Review prevention strategies

For testing:
- Identify the vulnerability type
- Use the detection checklist
- Try the provided payloads
- Use the recommended tools
- Verify findings

For remediation:
- Review the prevention strategies
- Implement the recommended fixes
- Test with the provided examples
- Monitor for new vulnerabilities
- Update regularly

| Tool | Purpose | Vulnerabilities |
|---|---|---|
| Burp Suite | Comprehensive testing | All |
| OWASP ZAP | Free scanning | All |
| SQLMap | SQL injection | SQLi |
| XSStrike | XSS detection | XSS |
| Hydra | Brute force | Authentication |
| Nmap | Network scanning | Misconfiguration |

| Tool | Purpose | Vulnerabilities |
|---|---|---|
| ysoserial | Java deserialization | Insecure Deserialization |
| PHPGGC | PHP deserialization | Insecure Deserialization |
| SSRFMap | SSRF testing | SSRF |
| Tplmap | SSTI testing | SSTI |
| LFI Suite | File inclusion | File Inclusion |

| Tool | Purpose | Cloud Provider |
|---|---|---|
| AWS Scanner | AWS security | AWS |
| CloudSploit | Multi-cloud | All |
| ScoutSuite | Cloud audit | All |
| Prowler | AWS security | AWS |

| OWASP Category | Guide File |
|---|---|
| A01: Broken Access Control | 05_Broken_Access_Control.md |
| A02: Cryptographic Failures | 03_Sensitive_Data_Exposure.md |
| A03: Injection | 01_Injection_Attacks.md |
| A04: Insecure Design | Various |
| A05: Security Misconfiguration | 06_Security_Misconfiguration.md |
| A06: Vulnerable and Outdated Components | 09_Components_with_Known_Vulnerabilities.md |
| A07: Identification and Authentication Failures | 02_Broken_Authentication.md |
| A08: Software and Data Integrity Failures | Various |
| A09: Security Logging and Monitoring Failures | 10_Insufficient_Logging_Monitoring.md |
| A10: Server-Side Request Forgery | 11_SSRF.md |

SQL Injection:
```
' OR '1'='1
' UNION SELECT NULL,NULL,NULL--
```

XSS:
```
<script>alert('XSS')</script>
<img src=x onerror=alert('XSS')>
```

SSRF:
```
http://127.0.0.1/admin
http://169.254.169.254/latest/meta-data/
```

XXE:
```
<!DOCTYPE data [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
<data>&xxe;</data>
```

LFI:
```
../../../etc/passwd
php://filter/convert.base64-encode/resource=/etc/passwd
```

SSTI:
```
{{7*7}}
${7*7}
<%= 7*7 %>
```

| Port | Service | Common Vulnerabilities |
|---|---|---|
| 21 | FTP | Anonymous access, brute force |
| 22 | SSH | Weak credentials, outdated protocol |
| 80 | HTTP | XSS, SQLi, SSRF |
| 443 | HTTPS | SSL/TLS issues, XSS, SQLi |
| 3306 | MySQL | SQLi, weak credentials |
| 5432 | PostgreSQL | SQLi, weak credentials |
| 6379 | Redis | Unprotected instance |
| 8080 | Proxy/App | Debug mode, default credentials |

This guide is for educational purposes only. Always obtain proper authorization before testing any systems. Unauthorized testing is illegal.
If you discover vulnerabilities:
- Report to the vendor/organization
- Provide detailed findings
- Allow time to fix
- Follow responsible disclosure
- Never exploit without permission

To keep your skills current:
- Stay updated on new vulnerabilities
- Follow security news and blogs
- Practice in legal environments
- Participate in bug bounty programs
- Join security communities

| Platform | Type | URL |
|---|---|---|
| PortSwigger Academy | Training | https://portswigger.net/web-security |
| HackTheBox | Practice | https://hackthebox.com |
| TryHackMe | Practice | https://tryhackme.com |
| PentesterLab | Training | https://pentesterlab.com |
| OWASP | Documentation | https://owasp.org/ |

| Database | URL |
|---|---|
| CVE | https://cve.mitre.org/ |
| NVD | https://nvd.nist.gov/ |
| Exploit-DB | https://www.exploit-db.com/ |
| CWE | https://cwe.mitre.org/ |

| Tool | URL |
|---|---|
| Burp Suite | https://portswigger.net/burp |
| OWASP ZAP | https://www.zaproxy.org/ |
| Nmap | https://nmap.org/ |
| Metasploit | https://www.metasploit.com/ |
| SQLMap | https://sqlmap.org/ |

This guide is maintained as a reference for security professionals and developers. Suggestions for improvements are welcome.
This guide is provided for educational purposes. Use responsibly and legally.
Last Updated: March 2026
Version: 1.0