OWASP TOP-10

DOM Cross-Site Scripting

Portswigger DOM XSS in `document.write` sink using source `location.search` inside a select element

Read more

Exploiting Blind XXE

Blind XXE with out-of-band interaction via XML parameter entities

Read more

Exploiting XXE for SSRF attacks

Exploiting XXE to perform SSRF attacks

Read more

Reflected XSS into attribute with angle brackets HTML-encoded

Reflected XSS into attribute with angle brackets HTML-encoded

Read more

Reflected XSS with SVG Markup

Reflected XSS with some SVG markup allowed

Read more

Server-Side Request Forgery

Basic SSRF against another back-end system

Read more

Stored Cross-Site Scripting

Stored XSS into anchor 'href' attribute with double quotes HTML-encoded

Read more

Unrestricted File Upload

Web shell upload via extension blacklist bypass

Read more