Web
5 notes
Notes
- SQL Injection — Normal, Blind, Timing, WAF Bypass: Working reference for SQL injection: in-band UNION, error-based, blind boolean, blind timing, second-order, NoSQL injection, and WAF bypass. Per-DBMS payloads for MySQL, PostgreSQL, MSSQL, Oracle, SQLite. sqlmap recipes, recent CVEs, and manual fallbacks.
- XSS — Bypasses, Angular / Vue / React: XSS reference focused on filter bypass, CSP bypass, and framework-specific sinks. Angular template / sandbox escape, Vue template injection, React dangerouslySetInnerHTML / URL sinks. DOM XSS, mutation XSS, and recent CVEs.
- SSRF — Cloud Metadata, Blind, Filter Bypass: Server-Side Request Forgery reference. Cloud metadata endpoints (AWS IMDS v1/v2, GCP, Azure), DNS rebinding, URL parser confusion, gopher/dict/file exploitation, blind SSRF via timing/OOB, and recent chainable CVEs (Capital One, Confluence, SAP, Ivanti).
- RCE — Command, Template, Deserialization: Remote Code Execution reference. Command injection, SSTI (Jinja2, Twig, Freemarker, Velocity, Thymeleaf, Handlebars), deserialization (Java, .NET, PHP, Python, Ruby, Node), file upload to RCE, and recent mass-exploited CVEs.
- XXE — Classic, Blind, OOB, Parameter Entities: XML External Entity reference. File read, SSRF, RCE via PHP expect, parameter-entity OOB exfiltration for blind cases, XXE inside SOAP/SVG/DOCX/SAML, XInclude, billion-laughs DoS, and parser-specific behaviour (libxml, Xerces, .NET).