├── Automatic Link Click ├── ColdFusion └── coldfusion-autopwn │ └── cfide-autopwn1.1.3.py ├── FTP └── ftp_csrf.md ├── General Web Attacks ├── CSRF │ ├── Readme.md │ ├── csrf_poc.html │ └── csrf_rest_poc.html ├── HTTP_Response_Splitting │ └── CRLF.md ├── JSON Related │ ├── JSON Hijacking │ └── JSON sensitive data extraction.MD ├── Java EL Lang.md ├── Java OGNL.md ├── LFI │ ├── LFIcrawler.py │ └── Readme.MD ├── Polygots │ ├── POC.gif │ └── POC.md ├── SOME │ ├── some.html │ └── some.php ├── SSRF │ └── SSRF_Sample.php ├── XSS │ ├── XSS_Browser_Bugs │ │ └── IE_Browser_Bug_5.0_to_11_XSS_via_HOST_headers.txt │ └── xss_via_file_name.md ├── XXE │ ├── Readme.md │ ├── Vulnerable_PoC │ │ ├── Vuln.java │ │ ├── XXE_Test.xml │ │ ├── server.js │ │ ├── server2.js │ │ ├── xml.xml │ │ ├── xml2.xml │ │ └── xxe_simple_without DTD.xml │ ├── XXE_PAYLOADS │ ├── exploit1.dtd │ ├── exploit1.xml │ ├── xxe_cheatsheet │ └── xxe_via_dtd.md ├── captchajacking │ ├── LICENSE │ ├── README.md │ ├── captchas │ │ ├── 0jnHeJP2QgsqEGUPbnBG59rqSpfH0MDw.png │ │ ├── 1BjPSO15mlTjpumRl8uK548Lotrlax9Y.png │ │ ├── 1yzNZeLj8pCzTPxt14giJhGDlL4hR47b.png │ │ ├── 3Gp2nwfclHePLfTFsoR2cXi0ASVPw1qU.png │ │ ├── 3rfQapFhSIjRrRAUkUPDHo7WtDeZXnkZ.png │ │ ├── 5XLNPRqFcMxf3oR6ClJUU7TnSDRYgpay.png │ │ ├── 6S3kr1YCPdhzRlbVIK3jGcZBgJXaBZAr.png │ │ ├── 9gS6IBW9vXn0LBhnQtczhjpzEkcveAwm.png │ │ ├── BWjhMQIfcLQ6yKHENWGQdZA0S8SkDp9t.png │ │ ├── C62bEqSCKMhKhMu8h81o70a7KxKqgCyb.png │ │ ├── DDJVH9WZlfYGwRQwmp1fz7yS5qks9NAk.png │ │ ├── Kuj8Va5C4H1T0zk6csjOo1OJZjbifZzJ.png │ │ ├── Mfw7RBOsteesi9j6sgFi3vHSSW4EeHFL.png │ │ ├── RgUUd8NUfPCv83BrwPPqntFhHaD1XShA.png │ │ ├── SFvtwHCou58n6ce7xYby0IHI3p9fOSCC.png │ │ ├── SkY5pMRpiTb9f4MKq2fr908w4EgtSU85.png │ │ ├── Tbr8rhqzKcnNHj2Eu1HZOSJSHREvwQb0.png │ │ ├── VD1Tso2XE9PRU8Wi6PXkVtx2ZEcLhFNF.png │ │ ├── WzF9WlIjFbmBKg0N0VDermfx9cgkypAl.png │ │ ├── X9r2HT4A7mEDizfXERWJB7auhwrxN5hX.png │ │ ├── angVtedht0tKoLFQPheBLC9Xjjuv3LZI.png │ │ ├── bKEKlnl732Fmdn26BbBA75rRXCu6FEH5.png │ │ ├── 
ckFJOaC8uaBlQpRVCua9CqUDTFRPlW3t.png │ │ ├── czQ8MQrUxXoMcWXvWCNkQAdkt0ot8GTu.png │ │ ├── dCpnFFDzgc9WgFmDh7Pc4aRVsDX48yVQ.png │ │ ├── gO99bsLSF3UJQHTVqE0Y4IIzox6VEVQb.png │ │ ├── hiBIrbsPGD3cJCZXsYlDfUziKmA6cIDE.png │ │ ├── jlUs5geHiUwCEw9YmnHSTW52vrQGPNA8.png │ │ ├── ls82EPtbdRlb70Y9FYETw5K7iutzGyno.png │ │ ├── orFQkb9V4iEOe4NjjqbGybWlw6pzMBDr.png │ │ ├── pT2Qz0BPEqc6T8WBUsf9ACagdnEqD0Fd.png │ │ ├── r7XVx2BQ707ceHJEdZuRaqiHfIXAIhPT.png │ │ ├── s5I7fRodnAXbjdfqGa3B0r3TIpRu3XNp.png │ │ ├── tdIdti8ymCvqiYUJAiwLbIgNGtV6LdQY.png │ │ ├── tq9rLtprKCNu98coJEy6BM2hI8nTcJ2B.png │ │ ├── uhLXcmGfaDAMtS5HYjz04giBqUyvbPro.png │ │ ├── x1lJMBnTlQjM6Ac1knQJgB37zjAHvzGO.png │ │ ├── xXMI3mCQDFDrHOOxzRZjrRLNdyZJquDq.png │ │ └── zLR9HlfswoIDzXGKnIbuE8kQT6QSxLKf.png │ ├── cjack_reddit.py │ ├── css │ │ └── master.css │ ├── failed_attempts │ │ ├── cjack_reddit_poc.py │ │ ├── cjack_reddit_requests.py │ │ └── poc.py │ ├── js │ │ ├── init.js │ │ └── jquery-1.6.4.min.js │ └── useragents.txt ├── clickjacking │ ├── README.md │ └── ozbargain_clickjacking.html ├── content-type-abuse │ ├── CrossDomainDataHijack.as.txt │ ├── CrossDomainDataHijack.jpg │ ├── CrossDomainDataHijackHelper.html │ ├── PoC2.html │ ├── PoC2.jpg │ └── README.md ├── graphQL.md ├── http_request_smuggling.py └── open_redirects.md ├── Java └── jdwp-shellifier │ ├── README.md │ ├── exp.py │ ├── jdwp-masscan.cfg │ └── jdwp-shellifier.py ├── Jboss bsh.md ├── LICENSE ├── MSSQL └── mssql_adv.md ├── MySQL └── mysql_readfile_without_filepriv.md ├── OAuth └── leaking_oauth_tokens_via_redir.md ├── PHP ├── LFI to Code Execution ├── php_expect_rce.md ├── php_filter_lfi.md ├── php_input_lfi.md ├── php_nullbyte_alternative.md └── wordpress_xmlrpc_pingback_dos.py ├── Python └── bypass_filters.md ├── README.md ├── Server_Health_Check.py ├── TypeScript └── React_Next.js Secure Code Review Checklist.md └── clone.html /Automatic Link Click: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/Automatic Link Click -------------------------------------------------------------------------------- /ColdFusion/coldfusion-autopwn/cfide-autopwn1.1.3.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/ColdFusion/coldfusion-autopwn/cfide-autopwn1.1.3.py -------------------------------------------------------------------------------- /FTP/ftp_csrf.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/FTP/ftp_csrf.md -------------------------------------------------------------------------------- /General Web Attacks/CSRF/Readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/CSRF/Readme.md -------------------------------------------------------------------------------- /General Web Attacks/CSRF/csrf_poc.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/CSRF/csrf_poc.html -------------------------------------------------------------------------------- /General Web Attacks/CSRF/csrf_rest_poc.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/CSRF/csrf_rest_poc.html -------------------------------------------------------------------------------- /General Web Attacks/HTTP_Response_Splitting/CRLF.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/HTTP_Response_Splitting/CRLF.md -------------------------------------------------------------------------------- /General 
Web Attacks/JSON Related/JSON Hijacking: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/JSON Related/JSON Hijacking -------------------------------------------------------------------------------- /General Web Attacks/JSON Related/JSON sensitive data extraction.MD: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/JSON Related/JSON sensitive data extraction.MD -------------------------------------------------------------------------------- /General Web Attacks/Java EL Lang.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/Java EL Lang.md -------------------------------------------------------------------------------- /General Web Attacks/Java OGNL.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/Java OGNL.md -------------------------------------------------------------------------------- /General Web Attacks/LFI/LFIcrawler.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/LFI/LFIcrawler.py -------------------------------------------------------------------------------- /General Web Attacks/LFI/Readme.MD: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/LFI/Readme.MD -------------------------------------------------------------------------------- /General Web Attacks/Polygots/POC.gif: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/Polygots/POC.gif -------------------------------------------------------------------------------- /General Web Attacks/Polygots/POC.md: -------------------------------------------------------------------------------- 1 | A valid GIF file that also contains PHP code. Steps: upload the file, then tamper the .gif extension to .php. 2 | -------------------------------------------------------------------------------- /General Web Attacks/SOME/some.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/SOME/some.html -------------------------------------------------------------------------------- /General Web Attacks/SOME/some.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/SOME/some.php -------------------------------------------------------------------------------- /General Web Attacks/SSRF/SSRF_Sample.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/SSRF/SSRF_Sample.php -------------------------------------------------------------------------------- /General Web Attacks/XSS/XSS_Browser_Bugs/IE_Browser_Bug_5.0_to_11_XSS_via_HOST_headers.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/XSS/XSS_Browser_Bugs/IE_Browser_Bug_5.0_to_11_XSS_via_HOST_headers.txt -------------------------------------------------------------------------------- /General Web Attacks/XSS/xss_via_file_name.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/XSS/xss_via_file_name.md
-------------------------------------------------------------------------------- /General Web Attacks/XXE/Readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/XXE/Readme.md -------------------------------------------------------------------------------- /General Web Attacks/XXE/Vulnerable_PoC/Vuln.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/XXE/Vulnerable_PoC/Vuln.java -------------------------------------------------------------------------------- /General Web Attacks/XXE/Vulnerable_PoC/XXE_Test.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/XXE/Vulnerable_PoC/XXE_Test.xml -------------------------------------------------------------------------------- /General Web Attacks/XXE/Vulnerable_PoC/server.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/XXE/Vulnerable_PoC/server.js -------------------------------------------------------------------------------- /General Web Attacks/XXE/Vulnerable_PoC/server2.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/XXE/Vulnerable_PoC/server2.js -------------------------------------------------------------------------------- /General Web Attacks/XXE/Vulnerable_PoC/xml.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | &foo; 4 | -------------------------------------------------------------------------------- /General Web Attacks/XXE/Vulnerable_PoC/xml2.xml: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/XXE/Vulnerable_PoC/xml2.xml -------------------------------------------------------------------------------- /General Web Attacks/XXE/Vulnerable_PoC/xxe_simple_without DTD.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/XXE/Vulnerable_PoC/xxe_simple_without DTD.xml -------------------------------------------------------------------------------- /General Web Attacks/XXE/XXE_PAYLOADS: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/XXE/XXE_PAYLOADS -------------------------------------------------------------------------------- /General Web Attacks/XXE/exploit1.dtd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/XXE/exploit1.dtd -------------------------------------------------------------------------------- /General Web Attacks/XXE/exploit1.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/XXE/exploit1.xml -------------------------------------------------------------------------------- /General Web Attacks/XXE/xxe_cheatsheet: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/XXE/xxe_cheatsheet -------------------------------------------------------------------------------- /General Web Attacks/XXE/xxe_via_dtd.md: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/XXE/xxe_via_dtd.md -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/LICENSE -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/README.md -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/0jnHeJP2QgsqEGUPbnBG59rqSpfH0MDw.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/0jnHeJP2QgsqEGUPbnBG59rqSpfH0MDw.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/1BjPSO15mlTjpumRl8uK548Lotrlax9Y.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/1BjPSO15mlTjpumRl8uK548Lotrlax9Y.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/1yzNZeLj8pCzTPxt14giJhGDlL4hR47b.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/1yzNZeLj8pCzTPxt14giJhGDlL4hR47b.png -------------------------------------------------------------------------------- /General Web 
Attacks/captchajacking/captchas/3Gp2nwfclHePLfTFsoR2cXi0ASVPw1qU.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/3Gp2nwfclHePLfTFsoR2cXi0ASVPw1qU.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/3rfQapFhSIjRrRAUkUPDHo7WtDeZXnkZ.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/3rfQapFhSIjRrRAUkUPDHo7WtDeZXnkZ.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/5XLNPRqFcMxf3oR6ClJUU7TnSDRYgpay.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/5XLNPRqFcMxf3oR6ClJUU7TnSDRYgpay.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/6S3kr1YCPdhzRlbVIK3jGcZBgJXaBZAr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/6S3kr1YCPdhzRlbVIK3jGcZBgJXaBZAr.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/9gS6IBW9vXn0LBhnQtczhjpzEkcveAwm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/9gS6IBW9vXn0LBhnQtczhjpzEkcveAwm.png -------------------------------------------------------------------------------- /General Web 
Attacks/captchajacking/captchas/BWjhMQIfcLQ6yKHENWGQdZA0S8SkDp9t.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/BWjhMQIfcLQ6yKHENWGQdZA0S8SkDp9t.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/C62bEqSCKMhKhMu8h81o70a7KxKqgCyb.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/C62bEqSCKMhKhMu8h81o70a7KxKqgCyb.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/DDJVH9WZlfYGwRQwmp1fz7yS5qks9NAk.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/DDJVH9WZlfYGwRQwmp1fz7yS5qks9NAk.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/Kuj8Va5C4H1T0zk6csjOo1OJZjbifZzJ.png: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/Mfw7RBOsteesi9j6sgFi3vHSSW4EeHFL.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/Mfw7RBOsteesi9j6sgFi3vHSSW4EeHFL.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/RgUUd8NUfPCv83BrwPPqntFhHaD1XShA.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/RgUUd8NUfPCv83BrwPPqntFhHaD1XShA.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/SFvtwHCou58n6ce7xYby0IHI3p9fOSCC.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/SFvtwHCou58n6ce7xYby0IHI3p9fOSCC.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/SkY5pMRpiTb9f4MKq2fr908w4EgtSU85.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/SkY5pMRpiTb9f4MKq2fr908w4EgtSU85.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/Tbr8rhqzKcnNHj2Eu1HZOSJSHREvwQb0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/Tbr8rhqzKcnNHj2Eu1HZOSJSHREvwQb0.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/VD1Tso2XE9PRU8Wi6PXkVtx2ZEcLhFNF.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/VD1Tso2XE9PRU8Wi6PXkVtx2ZEcLhFNF.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/WzF9WlIjFbmBKg0N0VDermfx9cgkypAl.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/WzF9WlIjFbmBKg0N0VDermfx9cgkypAl.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/X9r2HT4A7mEDizfXERWJB7auhwrxN5hX.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/X9r2HT4A7mEDizfXERWJB7auhwrxN5hX.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/angVtedht0tKoLFQPheBLC9Xjjuv3LZI.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/angVtedht0tKoLFQPheBLC9Xjjuv3LZI.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/bKEKlnl732Fmdn26BbBA75rRXCu6FEH5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/bKEKlnl732Fmdn26BbBA75rRXCu6FEH5.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/ckFJOaC8uaBlQpRVCua9CqUDTFRPlW3t.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/ckFJOaC8uaBlQpRVCua9CqUDTFRPlW3t.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/czQ8MQrUxXoMcWXvWCNkQAdkt0ot8GTu.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/czQ8MQrUxXoMcWXvWCNkQAdkt0ot8GTu.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/dCpnFFDzgc9WgFmDh7Pc4aRVsDX48yVQ.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/dCpnFFDzgc9WgFmDh7Pc4aRVsDX48yVQ.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/gO99bsLSF3UJQHTVqE0Y4IIzox6VEVQb.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/gO99bsLSF3UJQHTVqE0Y4IIzox6VEVQb.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/hiBIrbsPGD3cJCZXsYlDfUziKmA6cIDE.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/hiBIrbsPGD3cJCZXsYlDfUziKmA6cIDE.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/jlUs5geHiUwCEw9YmnHSTW52vrQGPNA8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/jlUs5geHiUwCEw9YmnHSTW52vrQGPNA8.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/ls82EPtbdRlb70Y9FYETw5K7iutzGyno.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/ls82EPtbdRlb70Y9FYETw5K7iutzGyno.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/orFQkb9V4iEOe4NjjqbGybWlw6pzMBDr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/orFQkb9V4iEOe4NjjqbGybWlw6pzMBDr.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/pT2Qz0BPEqc6T8WBUsf9ACagdnEqD0Fd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/pT2Qz0BPEqc6T8WBUsf9ACagdnEqD0Fd.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/r7XVx2BQ707ceHJEdZuRaqiHfIXAIhPT.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/r7XVx2BQ707ceHJEdZuRaqiHfIXAIhPT.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/s5I7fRodnAXbjdfqGa3B0r3TIpRu3XNp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/s5I7fRodnAXbjdfqGa3B0r3TIpRu3XNp.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/tdIdti8ymCvqiYUJAiwLbIgNGtV6LdQY.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/tdIdti8ymCvqiYUJAiwLbIgNGtV6LdQY.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/tq9rLtprKCNu98coJEy6BM2hI8nTcJ2B.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/tq9rLtprKCNu98coJEy6BM2hI8nTcJ2B.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/uhLXcmGfaDAMtS5HYjz04giBqUyvbPro.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/uhLXcmGfaDAMtS5HYjz04giBqUyvbPro.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/x1lJMBnTlQjM6Ac1knQJgB37zjAHvzGO.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/x1lJMBnTlQjM6Ac1knQJgB37zjAHvzGO.png -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/xXMI3mCQDFDrHOOxzRZjrRLNdyZJquDq.png: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/captchas/zLR9HlfswoIDzXGKnIbuE8kQT6QSxLKf.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/captchas/zLR9HlfswoIDzXGKnIbuE8kQT6QSxLKf.png 
-------------------------------------------------------------------------------- /General Web Attacks/captchajacking/cjack_reddit.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/cjack_reddit.py -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/css/master.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/css/master.css -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/failed_attempts/cjack_reddit_poc.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/failed_attempts/cjack_reddit_poc.py -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/failed_attempts/cjack_reddit_requests.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/failed_attempts/cjack_reddit_requests.py -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/failed_attempts/poc.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/failed_attempts/poc.py -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/js/init.js: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/js/init.js -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/js/jquery-1.6.4.min.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/js/jquery-1.6.4.min.js -------------------------------------------------------------------------------- /General Web Attacks/captchajacking/useragents.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/captchajacking/useragents.txt -------------------------------------------------------------------------------- /General Web Attacks/clickjacking/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/clickjacking/README.md -------------------------------------------------------------------------------- /General Web Attacks/clickjacking/ozbargain_clickjacking.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/clickjacking/ozbargain_clickjacking.html -------------------------------------------------------------------------------- /General Web Attacks/content-type-abuse/CrossDomainDataHijack.as.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/content-type-abuse/CrossDomainDataHijack.as.txt -------------------------------------------------------------------------------- /General Web Attacks/content-type-abuse/CrossDomainDataHijack.jpg: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/content-type-abuse/CrossDomainDataHijack.jpg -------------------------------------------------------------------------------- /General Web Attacks/content-type-abuse/CrossDomainDataHijackHelper.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/content-type-abuse/CrossDomainDataHijackHelper.html -------------------------------------------------------------------------------- /General Web Attacks/content-type-abuse/PoC2.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/content-type-abuse/PoC2.html -------------------------------------------------------------------------------- /General Web Attacks/content-type-abuse/PoC2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/content-type-abuse/PoC2.jpg -------------------------------------------------------------------------------- /General Web Attacks/content-type-abuse/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/content-type-abuse/README.md -------------------------------------------------------------------------------- /General Web Attacks/graphQL.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/graphQL.md -------------------------------------------------------------------------------- /General Web Attacks/http_request_smuggling.py: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/http_request_smuggling.py -------------------------------------------------------------------------------- /General Web Attacks/open_redirects.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/General Web Attacks/open_redirects.md -------------------------------------------------------------------------------- /Java/jdwp-shellifier/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/Java/jdwp-shellifier/README.md -------------------------------------------------------------------------------- /Java/jdwp-shellifier/exp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/Java/jdwp-shellifier/exp.py -------------------------------------------------------------------------------- /Java/jdwp-shellifier/jdwp-masscan.cfg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/Java/jdwp-shellifier/jdwp-masscan.cfg -------------------------------------------------------------------------------- /Java/jdwp-shellifier/jdwp-shellifier.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/Java/jdwp-shellifier/jdwp-shellifier.py -------------------------------------------------------------------------------- /Jboss bsh.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/Jboss bsh.md -------------------------------------------------------------------------------- 
/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/LICENSE -------------------------------------------------------------------------------- /MSSQL/mssql_adv.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/MSSQL/mssql_adv.md -------------------------------------------------------------------------------- /MySQL/mysql_readfile_without_filepriv.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/MySQL/mysql_readfile_without_filepriv.md -------------------------------------------------------------------------------- /OAuth/leaking_oauth_tokens_via_redir.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/OAuth/leaking_oauth_tokens_via_redir.md -------------------------------------------------------------------------------- /PHP/LFI to Code Execution: -------------------------------------------------------------------------------- 1 | http://vexillium.org/pub/003.html 2 | -------------------------------------------------------------------------------- /PHP/php_expect_rce.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/PHP/php_expect_rce.md -------------------------------------------------------------------------------- /PHP/php_filter_lfi.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/PHP/php_filter_lfi.md -------------------------------------------------------------------------------- /PHP/php_input_lfi.md: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/PHP/php_input_lfi.md -------------------------------------------------------------------------------- /PHP/php_nullbyte_alternative.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/PHP/php_nullbyte_alternative.md -------------------------------------------------------------------------------- /PHP/wordpress_xmlrpc_pingback_dos.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/PHP/wordpress_xmlrpc_pingback_dos.py -------------------------------------------------------------------------------- /Python/bypass_filters.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/Python/bypass_filters.md -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/README.md -------------------------------------------------------------------------------- /Server_Health_Check.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/Server_Health_Check.py -------------------------------------------------------------------------------- /TypeScript/React_Next.js Secure Code Review Checklist.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/TypeScript/React_Next.js Secure Code Review Checklist.md -------------------------------------------------------------------------------- /clone.html: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ajinabraham/WebAppSec/HEAD/clone.html --------------------------------------------------------------------------------