Security Knowledge Framework

Search

⌃K

Auth Bypass - 1

Auth Bypass - 2

Auth-bypass - 3

Auth-bypass - Simple

Client Side Restriction Bypass

Client Side Restriction Bypass - Harder

Client Side Template Injection (CSTI)

Command Injection (CMD)

Command Injection 2 (CMD-2)

Command Injection 3 (CMD-3)

Command Injection 4 (CMD-4)

Command Injection Blind (CMD-Blind)

Content-Security-Policy (CSP)

CORS exploitation

Credentials Guessing

Credentials Guessing - 2

Cross Site Scripting (XSS)

Cross Site Scripting - Attribute (XSS-Attribute)

Cross Site Scripting - href (XSS-href)

Cross Site Scripting - DOM (XSS-DOM)

Cross Site Scripting - DOM-2 (XSS-DOM-2)

Cross Site Scripting - Stored (XSS-Stored)

CSRF - Samesite

CSS Injection (CSSI)

Deserialisation Java (DES-Java)

Deserialisation Yaml (DES-Yaml)

Deserialisation Pickle (DES-Pickle)

Deserialisation Pickle 2 (DES-Pickle-2)

Formula Injection

GraphQL Injections

GraphQL Introspection

GraphQL Mutations

Host Header Injection (Authentication Bypass)

HttpOnly Session Hijacking XSS

Information Leakeage in Comments

Information Leakeage in Metadata

Insecure Direct Object References (IDOR)

Ldap Injection - harder

Local File Inclusion 1 (LFI-1)

Local File Inclusion 2 (LFI-2)

Local File Inclusion 3 (LFI-3)

Parameter Binding

Prototype Pollution

Race Condition File-Write

Ratelimiting (Brute-force login)

Remote File Inclusion (RFI)

Right To Left Override (RTLO)

Server Side Request Forgery (SSRF)

Server Side Template Injection (SSTI)

Session Hijacking XSS

Session Puzzling

Session Management 1

SQLI Login Bypass

Python - Login Bypass

Untrusted Sources (XSSI)

URL Redirection

URL Redirection - Harder

URL Redirection - Harder-2

WebSocket Message Manipulation

XML External Entity (XXE)

Exposed docker daemon

Powered By GitBook

SQLI Login Bypass

Here are the articles in this section:

Python - Login Bypass

Java - SQLI (Union)

Python - Login Bypass