Security Knowledge Framework

Introduction
Auth Bypass
- Python - Auth Bypass
- NodeJS - Auth Bypass
Auth Bypass - 1
Auth Bypass - 2
Auth-bypass - 3
Auth-bypass - Simple
Client Side Restriction Bypass
Client Side Restriction Bypass - Harder
Client Side Template Injection (CSTI)
Command Injection (CMD)
Command Injection 2 (CMD-2)
Command Injection 3 (CMD-3)
- Python - Command Injection 3 (CMD-3)
- Java - Command Injection 3 (CMD-3)
Command Injection 4 (CMD-4)
Command Injection Blind (CMD-Blind)
Content-Security-Policy (CSP)
CORS exploitation
- Python - CORS exploitation
- Java - CORS exploitation
Credentials Guessing
Credentials Guessing - 2
Cross Site Scripting (XSS)
Cross Site Scripting - Attribute (XSS-Attribute)
- Python - XSS-Attribute
- NodeJS - XSS-Attribute
Cross Site Scripting - href (XSS-href)
Cross Site Scripting - DOM (XSS-DOM)
Cross Site Scripting - DOM-2 (XSS-DOM-2)
Cross Site Scripting - Stored (XSS-Stored)
- Java - XSS-Stored
CSRF
CSRF - Samesite
CSRF - Weak
CSS Injection (CSSI)
Deserialisation Java (DES-Java)
- Java - Deserialisation Java (DES-Java)
Deserialisation Yaml (DES-Yaml)
- Python - Deserialisation Yaml (DES-Yaml)
Deserialisation Pickle (DES-Pickle)
- Python - Deserialisation Pickle (DES-Pickle)
Deserialisation Pickle 2 (DES-Pickle-2)
- Python - Deserialisation Pickle 2 (DES-Pickle-2)
DoS Regex
File upload
Formula Injection
GraphQL DOS
- Python - GraphQL DOS
GraphQL IDOR
GraphQL Injections
GraphQL Introspection
GraphQL Mutations
Host Header Injection (Authentication Bypass)
- Python - HttpOnly Session Hijacking XSS
HttpOnly Session Hijacking XSS
Information Leakeage in Comments
Information Leakeage in Metadata
Insecure Direct Object References (IDOR)
JWT Null
JWT Secret
Ldap Injection
Ldap Injection - harder
Local File Inclusion 1 (LFI-1)
Local File Inclusion 2 (LFI-2)
Local File Inclusion 3 (LFI-3)
Parameter Binding
Prototype Pollution
- NodeJS - Prototype Pollution
Race Condition
Race Condition File-Write
Ratelimiting (Brute-force login)
Remote File Inclusion (RFI)
Right To Left Override (RTLO)
Server Side Request Forgery (SSRF)
- Python - Server Side Request Forgery (SSRF)
- NodeJS - Server Side Request Forgery (SSRF)
Server Side Template Injection (SSTI)
- Python - Server Side Template Injection (SSTI)
- Java - Server Side Template Injection (SSTI)
Session Hijacking XSS
Session Puzzling
Session Management 1
- Python - Session Management 1
SQLI (Union)
SQLI Login Bypass
- Python - Login Bypass
SQLI (Like)
SQLI (Blind)
TLS Downgrade
- Python - TLS Downgrade
Untrusted Sources (XSSI)
URL Redirection
URL Redirection - Harder
URL Redirection - Harder-2
WebSocket Message Manipulation
- Python - WebSocket Message Manipulation
XML External Entity (XXE)
Exposed docker daemon
- Python - Exposed docker daemon
Insecure Random
- Python - Insecure Random
template item

Powered by GitBook

On this page

Running the app on Docker
Reconnaissance
Exploitation
Additional sources

Was this helpful?

Untrusted Sources (XSSI)

NodeJS - Untrusted Sources (XSSI)

PreviousPython - Untrusted Sources (XSSI)NextJava - Untrusted Sources (XSSI)

Last updated 2 years ago

Was this helpful?