Resources
Exam Hints/Tips
Burp dynamic header in Intruder
Methodology
Payloads
Stage 1
Stage 2
DATA EXFILTRATION
graphql api vulns
no sql
web cache deception
clickjacking
websockets
web cache deception

Powered by GitBook

On this page

Detection
File retrive
xInclude attack
XXE by svg file upload
External Entities
SSRF
Out of band exfiltrate
Retrive data by error message

DATA EXFILTRATION

XXE Injections

PreviousCORS NextSSRF

Last updated 5 months ago