> For the complete documentation index, see [llms.txt](https://heinosass.gitbook.io/leet-sheet/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://heinosass.gitbook.io/leet-sheet/web-app-hacking/user-attacks.md).

# User Attacks

- [CORS Misconfigurations](https://heinosass.gitbook.io/leet-sheet/web-app-hacking/user-attacks/cors-misconfigurations.md)
- [DNS Rebinding](https://heinosass.gitbook.io/leet-sheet/web-app-hacking/user-attacks/dns-rebinding.md)
- [Open Redirect](https://heinosass.gitbook.io/leet-sheet/web-app-hacking/user-attacks/open-redirect.md)
- [Clickjacking](https://heinosass.gitbook.io/leet-sheet/web-app-hacking/user-attacks/clickjacking.md)
- [Cross Site Request Forgery (CSRF)](https://heinosass.gitbook.io/leet-sheet/web-app-hacking/user-attacks/cross-site-request-forgery-csrf.md): Making a request on the user's behalf.
- [Session Fixation](https://heinosass.gitbook.io/leet-sheet/web-app-hacking/user-attacks/session-fixation.md)
- [XSS/Cross Site Scripting](https://heinosass.gitbook.io/leet-sheet/web-app-hacking/user-attacks/xss-cross-site-scripting.md)
- [CSS Injection](https://heinosass.gitbook.io/leet-sheet/web-app-hacking/user-attacks/css-injection.md)
- [HTML Injection](https://heinosass.gitbook.io/leet-sheet/web-app-hacking/user-attacks/html-injection.md)
- [Phishing](https://heinosass.gitbook.io/leet-sheet/web-app-hacking/user-attacks/phishing.md)
