Web Exploitation
This phase covers active exploitation of identified vulnerabilities to demonstrate impact and gain access to the target application or underlying systems. Each vulnerability type has its own comprehensive guide with detailed techniques, automation scripts, and practice labs.
Exploitation Guides
SQL Injection
Union-based, blind Boolean/time-based, error-based SQLi. WAF bypasses and database-specific payloads.
Cross-Site Scripting (XSS)
Reflected, stored, and DOM-based XSS. Filter bypasses, CSP evasion, and BeEF integration.
Cross-Site Request Forgery
CSRF token bypass, SameSite cookie bypass, JSON CSRF, and PoC generation.
File Upload Attacks
Web shell uploads, extension bypasses, magic byte manipulation, and polyglot files.
Server-Side Request Forgery
Internal network scanning, cloud metadata exploitation, DNS rebinding, and protocol smuggling.
OS Command Injection
Command separators, blind injection, filter bypasses, and reverse shells for Linux/Windows.
XML External Entity (XXE)
File disclosure, SSRF via XXE, blind XXE with OOB exfiltration, and SVG/DOCX injection.
Authentication Bypass
Default credentials, SQLi login bypass, JWT attacks, 2FA bypass, and OAuth/SAML attacks.
Server-Side Template Injection
Jinja2, Twig, Freemarker exploitation. Template detection, RCE payloads, and filter bypasses.
Path Traversal / LFI / RFI
Directory traversal, local/remote file inclusion, PHP wrappers, and log poisoning.
Insecure Deserialization
Java (ysoserial), PHP (phpggc), Python (pickle), and .NET gadget chains with exploitation.
IDOR
Horizontal/vertical privilege escalation, GUID prediction, parameter tampering, and automation.
NoSQL Injection
MongoDB operator injection, authentication bypass, data extraction, and blind injection.
Open Redirect
URL validation bypasses, OAuth token theft, SSRF chains, and phishing enhancement.
Business Logic Vulnerabilities
Workflow bypass, race conditions, payment manipulation, and rate limiting bypass.
Race Conditions
TOCTOU exploitation, limit-overrun attacks, Turbo Intruder, and single-packet techniques.
HTTP Request Smuggling
CL.TE, TE.CL, TE.TE desync attacks, HTTP/2 downgrade smuggling, and cache poisoning chains.
Web Cache Poisoning
Unkeyed header injection, cache deception, Param Miner, and cache key manipulation.
WebSocket Security
Cross-Site WebSocket Hijacking (CSWSH), message injection, and origin validation bypass.
JWT Attacks
Algorithm confusion, none algorithm bypass, weak secret cracking, and KID injection.
OAuth/OIDC Attacks
Redirect URI manipulation, token leakage, PKCE bypass, and state parameter CSRF.
GraphQL Security
Introspection leakage, batching attacks, DoS via nested queries, and authorization bypass.
Prototype Pollution
Client-side and server-side exploitation, gadget chains, PP-to-XSS, and Node.js RCE.
CORS Misconfiguration
Origin reflection, null origin bypass, wildcard with credentials, and regex bypass techniques.
Security Headers
CSP bypass, HSTS stripping, clickjacking via X-Frame-Options, and missing security headers.
WAF Bypass
WAF detection, encoding tricks, SQLi/XSS/command injection evasion, and origin IP discovery.
Client-Side Attacks
DOM clobbering, postMessage abuse, service worker hijacking, CSS injection, and exfiltration.
HTTP/2 & HTTP/3 Attacks
H2 request smuggling, h2c smuggling, single-packet race conditions, and QUIC attack surface.
Prompt Injection / LLM Attacks
Direct and indirect prompt injection, RAG poisoning, jailbreaking, and AI data extraction.
SAML / SSO Attacks
Signature bypass, XML signature wrapping, assertion manipulation, and SSO relay attacks.
MFA Bypass Techniques
OTP brute force, response manipulation, push fatigue, token reuse, and evilginx2 phishing.
Host Header Injection
Password reset poisoning, cache poisoning via host, virtual host enumeration, and SSRF chains.
CRLF Injection
HTTP response splitting, XSS via CRLF, session fixation, log poisoning, and encoding variants.
LDAP Injection
Authentication bypass, data extraction, blind LDAP injection, and modification attacks.
HTTP Parameter Pollution
Framework parsing differences, WAF bypass via HPP, business logic bypass, and server-side HPP.
Web Cache Deception
Path confusion techniques, CDN-specific testing, automated exploitation, and cache key analysis.
Information Disclosure
Error page analysis, verbose headers, debug endpoints, source code exposure, and directory listing.
Mass Assignment
Framework-specific attacks (Rails, Django, Laravel, Spring), nested object injection, and GraphQL mass assignment.
REST API Attacks
OWASP API Top 10, BOLA/BFLA, JWT attacks, rate limiting bypass, and API versioning bugs.
Secrets Exposure
Hardcoded keys in JS/source maps, .env files, git mining with truffleHog/gitleaks, and regex patterns.
XPath Injection
Authentication bypass, data extraction, blind XPath injection, and XML structure enumeration.
Credential Stuffing & Account Enumeration
Username enumeration via timing/message/size differences, Hydra/ffuf attacks, and rate limit bypass.
Vulnerable & Outdated Components
Fingerprinting with Wappalyzer/WhatWeb, dependency analysis, Retire.js, Nuclei, and CVE exploitation.
Expression Language Injection
Java EL, Spring SpEL, OGNL, Jinja2, Twig, and Freemarker RCE chains with polyglot payloads.
Email Header Injection
CRLF in email headers, CC/BCC injection, content-type injection, and password reset token theft.
Webhook Security
Webhook SSRF via cloud metadata, signature forgery, replay attacks, and callback manipulation.
Session Fixation
Pre-auth session assignment, URL-based fixation, cookie injection, and session ID regeneration testing.
Clickjacking
X-Frame-Options/CSP detection, PoC generation, multi-step UI redress, and frame-busting bypasses.
PDF Generation Attacks
Local file read via HTML-to-PDF, SSRF through PDF libraries, and data exfiltration techniques.
API Gateway / Proxy Bypass
Path normalization bypass, direct backend access, header manipulation, and method override exploits.
gRPC Security
Service discovery via reflection, authentication testing, injection in protobuf fields, and fuzzing.
Serverless Function Attacks
Event injection, environment/credential exposure, IAM privilege escalation, and cold start abuse.
Cryptographic Failures
TLS/SSL testing, weak password storage, data in transit/at rest analysis, and weak crypto detection.
Logging & Monitoring Failures
Missing log testing, log quality assessment, monitoring/alerting gaps, and audit trail analysis.
Quick Reference
Exploitation Methodology
- Identify vulnerability type: confirm the vulnerability exists and understand its nature
- Research exploitation techniques: use the detailed guides above for specific attack vectors
- Develop/customize payloads: adapt payloads to bypass any security controls
- Demonstrate impact: show real-world consequences (data access, RCE, etc.)
- Document everything: screenshot evidence, save payloads, note exact steps
Related Topics
Injection Remediation
Fix SQL and command injection vulnerabilities
XSS Remediation
Prevent cross-site scripting attacks
CSRF Remediation
Implement anti-CSRF protections
Access Control Remediation
Fix broken access control issues
Burp Suite Cheatsheet
Web testing proxy commands
SQLMap Cheatsheet
Automated SQL injection tool