DOM Cross-Site Scripting

PortSwigger DOM XSS in `document.write` sink using source `location.search` inside a select element

Exploiting Blind XXE

Blind XXE with out-of-band interaction via XML parameter entities

Exploiting XXE for SSRF attacks

Exploiting XXE to perform SSRF attacks

Reflected XSS into attribute with angle brackets HTML-encoded

Reflected XSS into attribute with angle brackets HTML-encoded

Reflected XSS with SVG Markup

Reflected XSS with some SVG markup allowed

Server-Side Request Forgery

Basic SSRF against another back-end system

Stored Cross-Site Scripting

Stored XSS into anchor 'href' attribute with double quotes HTML-encoded

Unrestricted File Upload

Web shell upload via extension blacklist bypass