# Web App Hacking

- [Enumeration](/leet-sheet/web-app-hacking/enumeration.md)
  - [Webserver Virtualhost Subdomains](/leet-sheet/web-app-hacking/enumeration/webserver-virtualhost-subdomains.md)
  - [Common Identifiers](/leet-sheet/web-app-hacking/enumeration/common-identifiers.md)
  - [Web Fuzzing](/leet-sheet/web-app-hacking/enumeration/web-fuzzing.md)
  - [Directory Enumeration](/leet-sheet/web-app-hacking/enumeration/directory-enumeration.md)
    - [Automated Directory Enumeration](/leet-sheet/web-app-hacking/enumeration/directory-enumeration/automated-directory-enumeration.md)
    - [Manual Directory Enumeration](/leet-sheet/web-app-hacking/enumeration/directory-enumeration/manual-directory-enumeration.md)
  - [Automated Web Technology Detection](/leet-sheet/web-app-hacking/enumeration/automated-web-technology-detection.md)
- [User Attacks](/leet-sheet/web-app-hacking/user-attacks.md): These attacks affect a user in a web application.
  - [CORS Misconfigurations](/leet-sheet/web-app-hacking/user-attacks/cors-misconfigurations.md)
  - [DNS Rebinding](/leet-sheet/web-app-hacking/user-attacks/dns-rebinding.md)
  - [Open Redirect](/leet-sheet/web-app-hacking/user-attacks/open-redirect.md)
  - [Clickjacking](/leet-sheet/web-app-hacking/user-attacks/clickjacking.md)
  - [Cross Site Request Forgery (CSRF)](/leet-sheet/web-app-hacking/user-attacks/cross-site-request-forgery-csrf.md): Making a request on the user's behalf.
  - [Session Fixation](/leet-sheet/web-app-hacking/user-attacks/session-fixation.md)
  - [XSS/Cross Site Scripting](/leet-sheet/web-app-hacking/user-attacks/xss-cross-site-scripting.md)
  - [CSS Injection](/leet-sheet/web-app-hacking/user-attacks/css-injection.md)
  - [HTML Injection](/leet-sheet/web-app-hacking/user-attacks/html-injection.md)
  - [Phishing](/leet-sheet/web-app-hacking/user-attacks/phishing.md)
- [Database Attacks](/leet-sheet/web-app-hacking/database-attacks.md)
  - [SQL Injection](/leet-sheet/web-app-hacking/database-attacks/sql-injection.md): SQLi / SQL Injection
  - [Get a Shell From DB Connection](/leet-sheet/web-app-hacking/database-attacks/get-a-shell-from-db-connection.md): You have a connection to a database. How can you get a shell from that?
- [Server Attacks](/leet-sheet/web-app-hacking/server-attacks.md)
  - [Collisions](/leet-sheet/web-app-hacking/server-attacks/collisions.md)
  - [Server Side Request Forgery](/leet-sheet/web-app-hacking/server-attacks/server-side-request-forgery.md): SSRF / Server Side Request Forgery
    - [Redis SSRF](/leet-sheet/web-app-hacking/server-attacks/server-side-request-forgery/redis-ssrf.md)
  - [Insecure Direct Object Reference](/leet-sheet/web-app-hacking/server-attacks/insecure-direct-object-reference.md)
  - [Timing-Based Side-Channel Attacks](/leet-sheet/web-app-hacking/server-attacks/timing-based-side-channel-attacks.md)
  - [Attacking Authentication Methods](/leet-sheet/web-app-hacking/server-attacks/attacking-authentication-methods.md)
    - [JWT Attacks](/leet-sheet/web-app-hacking/server-attacks/attacking-authentication-methods/jwt-attacks.md)
    - [Brute Forcing Web Forms](/leet-sheet/web-app-hacking/server-attacks/attacking-authentication-methods/brute-forcing-web-forms.md): Usually used to attack a login form.
  - [Loose Comparisons](/leet-sheet/web-app-hacking/server-attacks/loose-comparisons.md)
  - [Unrestricted File Upload](/leet-sheet/web-app-hacking/server-attacks/page-3.md)
  - [Insecure Deserialization](/leet-sheet/web-app-hacking/server-attacks/page-2.md)
  - [Command Injection](/leet-sheet/web-app-hacking/server-attacks/page-1.md)
  - [Path Traversal](/leet-sheet/web-app-hacking/server-attacks/path-traversal.md)
  - [File Inclusion](/leet-sheet/web-app-hacking/server-attacks/file-inclusion.md)
  - [Server-Side Template Injection](/leet-sheet/web-app-hacking/server-attacks/server-side-template-injection.md)
  - [XML External Entities Injection (XXE)](/leet-sheet/web-app-hacking/server-attacks/xml-external-entities-injection-xxe.md)
  - [Server Misconfigurations](/leet-sheet/web-app-hacking/server-attacks/server-misconfigurations.md)
  - [Parser Inconsistencies](/leet-sheet/web-app-hacking/server-attacks/parser-inconsistencies.md)
  - [Bypassing WAFs](/leet-sheet/web-app-hacking/server-attacks/bypassing-wafs.md): Bypass web application firewalls.
- [DNS Attacks](/leet-sheet/web-app-hacking/dns-attacks.md)
- [Cloud Attacks](/leet-sheet/web-app-hacking/cloud-attacks.md)
  - [Amazon Web Services](/leet-sheet/web-app-hacking/cloud-attacks/amazon-web-services.md)
- [Interesting Outdated Attacks](/leet-sheet/web-app-hacking/interesting-outdated-attacks.md)
  - [SQL Truncation](/leet-sheet/web-app-hacking/interesting-outdated-attacks/sql-truncation.md)
