Web
Web exploitation: fuzzing, SQLi, XSS, SSRF, XXE, file inclusion, upload and more.
64 cheatsheets
API Attacks
#web#api#bola
Broken Authentication & JWT
#web#jwt#authentication
Business Logic Vulnerabilities
#web#business-logic#logic-flaw
Clickjacking (UI Redressing)
#web#clickjacking#ui-redressing
Command Injection
#web#command-injection#rce
CORS Misconfiguration
#web#cors#same-origin-policy
CRLF Injection / HTTP Response Splitting
#web#crlf-injection#header-injection
Cross-Site Request Forgery (CSRF)
#web#csrf#session
Cross-Site Scripting (XSS)
#web#xss#session-hijacking
CSS Injection
#web#css-injection#data-exfiltration
DNS Rebinding
#web#dns-rebinding#ssrf
DOM-Based Vulnerabilities
#web#dom#dom-xss
Encoding & Obfuscation
#web#encoding#obfuscation
Eval Injection / Code Injection
#web#eval-injection#code-injection
File Inclusion (LFI / RFI)
#web#lfi#rfi
File Upload Attacks
#web#file-upload#webshell
GraphQL
#web#graphql#introspection
gRPC & Protobuf Security Testing
#web#grpc#protobuf
Hash Length Extension Attack
#web#hash-extension#cryptography
HTML Injection
#web#html-injection#phishing
HTTP & Web Requests
#web#http#curl
HTTP Host Header Attacks
#web#host-header#password-reset-poisoning
HTTP Parameter Pollution (HPP)
#web#hpp#parameter-pollution
HTTP Request Smuggling
#web#http-smuggling#request-smuggling
Information Disclosure
#web#information-disclosure#recon
Insecure Deserialization
#web#deserialization#ysoserial
LaTeX Injection
#web#latex-injection#rce
LDAP Injection
#web#ldap-injection#active-directory
NoSQL Injection
#web#nosql-injection#mongodb
OAuth 2.0 & OpenID Connect Attacks
#web#oauth#openid-connect
Open Redirect
#web#open-redirect#oauth
OWASP Top 10
#web#owasp#methodology
Padding Oracle Attack
#web#padding-oracle#cryptography
Parameter Logic Bugs
#web#logic-bugs#parameter-manipulation
PDF Generation Vulnerabilities
#web#pdf#ssrf
PHP Type Juggling
#web#php#type-juggling
Prototype Pollution
#web#prototype-pollution#javascript
Race Conditions
#web#race-conditions#toctou
ReDoS (Regular Expression Denial of Service)
#web#redos#dos
SAML Attacks
#web#saml#sso
Second-Order Injection
#web#second-order#sql-injection
Server-Side Parameter Pollution (SSPP)
#web#sspp#parameter-injection
Session Fixation
#web#session-fixation#session-hijacking
Session Puzzling (Session Variable Overloading)
#web#session-puzzling#auth-bypass
SMTP Header Injection
#web#smtp-injection#email
SOAP & WSDL Attacks
#web#soap#wsdl
SQL Injection
#web#sql-injection#union
SQLMap Essentials
#web#sqlmap#sql-injection
SSI & XSLT Injection
#web#ssi#xslt
SSRF
#web#ssrf#cloud-metadata
SSTI
#web#ssti#rce
Subdomain Takeover
#web#subdomain-takeover#dns
Tabnabbing & Reverse Tabnabbing
#web#tabnabbing#reverse-tabnabbing
Timing Attacks
#web#timing-attacks#user-enumeration
TLS / HTTPS Attacks
#web#tls#ssl
Weak Session IDs
#web#session-ids#brute-force
Web Attacks (IDOR / Verb Tampering / BFLA)
#web#idor#bfla
Web Cache Deception
#web#cache-deception#cache
Web Cache Poisoning
#web#cache-poisoning#portswigger
Web LLM Attacks & Prompt Injection
#web#llm#prompt-injection
Web Recon & Fuzzing
#web#ffuf#fuzzing
WebSockets Security
#web#websockets#cswsh
XPath Injection
#web#xpath-injection#xml
XXE
#web#xxe#xml