Skip to content
Tom Fieber (@pawpawhacks)
Resources
Search
tomfieber/tomfieber.github.io
Home
Interview Questions
Writeups
Projects
Resources
Tom Fieber (@pawpawhacks)
tomfieber/tomfieber.github.io
Home
Interview Questions
Interview Questions
General
General
General Cybersecurity Questions
Writeups
Writeups
Projects
Projects
Web Development
Web Development
Courses
Courses
Resources
Resources
How To
How To
Create an Ubuntu VM
Labs
Labs
PortSwigger
PortSwigger
API
API
Exploiting a mass assignment vulnerability
Authentication
Authentication
Username enumeration via different responses
2FA simple bypass
Password reset broken logic
Username enumeration via subtly different responses
Username enumeration via response timing
2FA broken logic
Brute-forcing a stay-logged-in cookie
Authorization
Authorization
Unprotected admin functionality
Multi-step process with no access control on one step
Referer-based access control
User ID controlled by request parameter
Insecure direct object references
DOM Based
DOM Based
DOM-based open redirection
JWT
JWT
JWT authentication bypass via unverified signature
JWT authentication bypass via flawed signature verification
JWT authentication bypass via jwk header injection
NoSQL Injection
NoSQL Injection
Exploiting NoSQL operator injection to bypass authentication
Path Traversal
Path Traversal
File path traversal, simple case
File path traversal, traversal sequences blocked with absolute path bypass
File path traversal, validation of start of path
Race Conditions
Race Conditions
Limit overrun race conditions
Single-endpoint race conditions
SQL Injection
SQL Injection
Blind SQL injection with conditional errors
SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
SQL injection vulnerability allowing login bypass
SQL injection attack, querying the database type and version on Oracle
SQL injection attack, querying the database type and version on MySQL and Microsoft
SQL injection attack, listing the database contents on non-Oracle databases
Blind SQL injection with conditional responses
SSRF
SSRF
Basic SSRF against the local server
Basic SSRF against another back-end system
Blind SSRF with out-of-band detection
Blind SSRF with Shellshock exploitation
WebSockets
WebSockets
Manipulating WebSocket messages to exploit vulnerabilities
Cross-site WebSocket hijacking
Manipulating the WebSocket handshake to exploit vulnerabilities
XSS
XSS
Reflected XSS into HTML context with nothing encoded
Stored XSS into HTML context with nothing encoded
DOM XSS in document.write sink using source location.search
Stored XSS into anchor href attribute with double quotes HTML-encoded
Reflected XSS into a JavaScript string with angle brackets HTML encoded
DOM XSS in document.write sink using source location.search inside a select element
Reflected XSS into HTML context with most tags and attributes blocked
Exploiting cross-site scripting to steal cookies
XXE
XXE
Exploiting XXE using external entities to retrieve files
Blind XXE with out-of-band interaction
Exploiting XInclude to retrieve files
Exploiting XXE via image file upload
YesWeHack
YesWeHack
SQL Injection
SQL Injection
Simple Login Bypass
First Exfiltration
No Limit
Exploration
Injection in Insert
Filter Bypass
XPath Injection
XPath Injection
Simple Login Bypass
Methodology
Methodology
Cheatsheets
Cheatsheets
Broken Access Control Cheatsheet
CORS Cheatsheet
CSRF Cheatsheet
Local File Disclosure Cheatsheet
Open Redirect Cheatsheet
SQL Injection Cheatsheet
File Upload Cheatsheet
XPath Injection
XSS Cheatsheet
OWASP WSTG
OWASP WSTG
OWASP Web Security Testing Guide (WSTG) Checklist
Home
Resources
Resources
Multiple resources, how-tos, and methodologies. Constantly updated.
Back to top