Share
## https://sploitus.com/exploit?id=02D54C00-131F-5E03-AB65-DA70B1FC748E
# Web Exploitation Guide - Index
## Overview
This guide provides comprehensive coverage of web exploitation vulnerabilities, organized into separate detailed files for each vulnerability type.
## Available Guides
### Core Vulnerabilities
1. **[Injection Attacks](./01_Injection_Attacks.md)**
- SQL Injection (SQLi)
- NoSQL Injection
- LDAP Injection
- Command Injection
- XPath Injection
2. **[Broken Authentication](./02_Broken_Authentication.md)**
- Credential Stuffing
- Brute Force Attacks
- Session Management Flaws
- Password Security Issues
- Multi-Factor Authentication
3. **[Sensitive Data Exposure](./03_Sensitive_Data_Exposure.md)**
- Data at Rest
- Data in Transit
- Data in Use
- Data Exfiltration Methods
- Encryption Strategies
4. **[XXE Injection](./04_XXE_Injection.md)**
- Classic XXE
- Blind XXE
- XXE SSRF
- XXE RCE
- PHP Wrappers
5. **[Broken Access Control](./05_Broken_Access_Control.md)**
- IDOR (Insecure Direct Object Reference)
- Privilege Escalation
- Forced Browsing
- CORS Misconfiguration
- Host Header Injection
6. **[Security Misconfiguration](./06_Security_Misconfiguration.md)**
- Default Credentials
- Debug Mode Issues
- Directory Listing
- Cloud Misconfigurations
- Server Misconfigurations
7. **[XSS Injection](./07_XSS_Injection.md)**
- Stored XSS
- Reflected XSS
- DOM-Based XSS
- Blind XSS
- XSS Payloads and Bypasses
8. **[Insecure Deserialization](./08_Insecure_Deserialization.md)**
- Java Deserialization
- Python Pickle
- PHP Unserialize
- Node.js Deserialization
- Gadget Chains
9. **[Components with Known Vulnerabilities](./09_Components_with_Known_Vulnerabilities.md)**
- Log4Shell (CVE-2021-44228)
- Spring4Shell (CVE-2022-22965)
- Heartbleed, Shellshock
- Dependency Scanning
- Supply Chain Security
10. **[Insufficient Logging & Monitoring](./10_Insufficient_Logging_Monitoring.md)**
- Logging Fundamentals
- Monitoring Fundamentals
- Detection Rules
- Incident Response
- SIEM Integration
11. **[SSRF](./11_SSRF.md)**
- Basic SSRF
- Blind SSRF
- Cloud Metadata Access
- Internal Network Scanning
- Prevention Strategies
12. **[File Inclusion Vulnerabilities](./12_File_Inclusion_Vulnerabilities.md)**
- LFI (Local File Inclusion)
- RFI (Remote File Inclusion)
- PHP Wrappers
- LFI to RCE
- Prevention Strategies
13. **[HTTP Request Smuggling](./13_HTTP_Request_Smuggling.md)**
- CL.TE Technique
- TE.CL Technique
- TE.TE Technique
- Bypass Techniques
- Prevention Strategies
14. **[SSTI](./14_SSTI.md)**
- Jinja2 SSTI
- FreeMarker SSTI
- EJS SSTI
- Twig SSTI
- Prevention Strategies
15. **[Additional Exploitation Categories](./15_Additional_Exploitation_Categories.md)**
- Path Traversal
- CSRF (Cross-Site Request Forgery)
- Open Redirect
- WebSocket Security
- GraphQL Vulnerabilities
## How to Use This Guide
### For Learning
1. Start with the vulnerability type you're interested in
2. Read the overview and fundamentals
3. Study the payload examples
4. Understand the detection methodology
5. Review prevention strategies
### For Testing
1. Identify the vulnerability type
2. Use the detection checklist
3. Try the provided payloads
4. Use the recommended tools
5. Verify findings
### For Prevention
1. Review the prevention strategies
2. Implement the recommended fixes
3. Test with the provided examples
4. Monitor for new vulnerabilities
5. Update regularly
## Tools Index
### Web Application Testing
| Tool | Purpose | Vulnerabilities |
|------|---------|-----------------|
| **Burp Suite** | Comprehensive testing | All |
| **OWASP ZAP** | Free scanning | All |
| **SQLMap** | SQL injection | SQLi |
| **XSStrike** | XSS detection | XSS |
| **Hydra** | Brute force | Authentication |
| **Nmap** | Network scanning | Misconfiguration |
### Specialized Tools
| Tool | Purpose | Vulnerabilities |
|------|---------|-----------------|
| **ysoserial** | Java deserialization | Insecure Deserialization |
| **PHPGGC** | PHP deserialization | Insecure Deserialization |
| **SSRFMap** | SSRF testing | SSRF |
| **Tplmap** | SSTI testing | SSTI |
| **LFI Suite** | File inclusion | File Inclusion |
### Cloud Security
| Tool | Purpose | Cloud Provider |
|------|---------|---------------|
| **AWS Scanner** | AWS security | AWS |
| **CloudSploit** | Multi-cloud | All |
| **ScoutSuite** | Cloud audit | All |
| **Prowler** | AWS security | AWS |
## OWASP Top 10 Coverage
| OWASP Category | Guide File |
|----------------|------------|
| A01: Broken Access Control | 05_Broken_Access_Control.md |
| A02: Cryptographic Failures | 03_Sensitive_Data_Exposure.md |
| A03: Injection | 01_Injection_Attacks.md |
| A04: Insecure Design | Various |
| A05: Security Misconfiguration | 06_Security_Misconfiguration.md |
| A06: Vulnerable and Outdated Components | 09_Components_with_Known_Vulnerabilities.md |
| A07: Identification and Authentication Failures | 02_Broken_Authentication.md |
| A08: Software and Data Integrity Failures | Various |
| A09: Security Logging and Monitoring Failures | 10_Insufficient_Logging_Monitoring.md |
| A10: Server-Side Request Forgery | 11_SSRF.md |
## Quick Reference
### Quick Payloads
**SQL Injection:**
```sql
' OR '1'='1
' UNION SELECT NULL,NULL,NULL--
```
**XSS:**
```javascript
alert('XSS')
```
**SSRF:**
```
http://127.0.0.1/admin
http://169.254.169.254/latest/meta-data/
```
**XXE:**
```xml
]>
&xxe;
```
**LFI:**
```
../../../etc/passwd
php://filter/convert.base64-encode/resource=/etc/passwd
```
**SSTI:**
```python
{{7*7}}
${7*7}
```
### Common Ports
| Port | Service | Common Vulnerabilities |
|------|---------|----------------------|
| 21 | FTP | Anonymous access, brute force |
| 22 | SSH | Weak credentials, outdated protocol |
| 80 | HTTP | XSS, SQLi, SSRF |
| 443 | HTTPS | SSL/TLS issues, XSS, SQLi |
| 3306 | MySQL | SQLi, weak credentials |
| 5432 | PostgreSQL | SQLi, weak credentials |
| 6379 | Redis | Unprotected instance |
| 8080 | Proxy/App | Debug mode, default credentials |
## Important Notes
### Legal Disclaimer
This guide is for **educational purposes only**. Always obtain proper authorization before testing any systems. Unauthorized testing is illegal.
### Responsible Disclosure
If you discover vulnerabilities:
1. Report to the vendor/organization
2. Provide detailed findings
3. Allow time to fix
4. Follow responsible disclosure
5. Never exploit without permission
### Continuous Learning
- Stay updated on new vulnerabilities
- Follow security news and blogs
- Practice in legal environments
- Participate in bug bounty programs
- Join security communities
## Resources
### Learning Platforms
| Platform | Type | URL |
|----------|------|-----|
| **PortSwigger Academy** | Training | https://portswigger.net/web-security |
| **HackTheBox** | Practice | https://hackthebox.com |
| **TryHackMe** | Practice | https://tryhackme.com |
| **PentesterLab** | Training | https://pentesterlab.com |
| **OWASP** | Documentation | https://owasp.org/ |
### Vulnerability Databases
| Database | URL |
|----------|-----|
| **CVE** | https://cve.mitre.org/ |
| **NVD** | https://nvd.nist.gov/ |
| **Exploit-DB** | https://www.exploit-db.com/ |
| **CWE** | https://cwe.mitre.org/ |
### Security Tools
| Tool | URL |
|------|-----|
| **Burp Suite** | https://portswigger.net/burp |
| **OWASP ZAP** | https://www.zaproxy.org/ |
| **Nmap** | https://nmap.org/ |
| **Metasploit** | https://www.metasploit.com/ |
| **SQLMap** | https://sqlmap.org/ |
## Contributing
This guide is maintained as a reference for security professionals and developers. Suggestions for improvements are welcome.
## License
This guide is provided for educational purposes. Use responsibly and legally.
---
**Last Updated: March 2026**
**Version: 1.0**