# Pentesting Web

- [Web Vulnerabilities Methodology](https://hacktricks.xsx.tw/pentesting-web/web-vulnerabilities-methodology.md)
- [Reflecting Techniques - PoCs and Polygloths CheatSheet](https://hacktricks.xsx.tw/pentesting-web/pocs-and-polygloths-cheatsheet.md)
- [Web Vulns List](https://hacktricks.xsx.tw/pentesting-web/pocs-and-polygloths-cheatsheet/web-vulns-list.md)
- [2FA/OTP Bypass](https://hacktricks.xsx.tw/pentesting-web/2fa-bypass.md)
- [Account Takeover](https://hacktricks.xsx.tw/pentesting-web/account-takeover.md)
- [Browser Extension Pentesting Methodology](https://hacktricks.xsx.tw/pentesting-web/browser-extension-pentesting-methodology.md)
- [BrowExt - ClickJacking](https://hacktricks.xsx.tw/pentesting-web/browser-extension-pentesting-methodology/browext-clickjacking.md)
- [BrowExt - permissions & host\_permissions](https://hacktricks.xsx.tw/pentesting-web/browser-extension-pentesting-methodology/browext-permissions-and-host_permissions.md)
- [BrowExt - XSS Example](https://hacktricks.xsx.tw/pentesting-web/browser-extension-pentesting-methodology/browext-xss-example.md)
- [Bypass Payment Process](https://hacktricks.xsx.tw/pentesting-web/bypass-payment-process.md)
- [Captcha Bypass](https://hacktricks.xsx.tw/pentesting-web/captcha-bypass.md)
- [Cache Poisoning and Cache Deception](https://hacktricks.xsx.tw/pentesting-web/cache-deception.md)
- [Cache Poisoning to DoS](https://hacktricks.xsx.tw/pentesting-web/cache-deception/cache-poisoning-to-dos.md)
- [Clickjacking](https://hacktricks.xsx.tw/pentesting-web/clickjacking.md)
- [Client Side Template Injection (CSTI)](https://hacktricks.xsx.tw/pentesting-web/client-side-template-injection-csti.md)
- [Client Side Path Traversal](https://hacktricks.xsx.tw/pentesting-web/client-side-path-traversal.md)
- [Command Injection](https://hacktricks.xsx.tw/pentesting-web/command-injection.md)
- [Content Security Policy (CSP) Bypass](https://hacktricks.xsx.tw/pentesting-web/content-security-policy-csp-bypass.md)
- [CSP bypass: self + 'unsafe-inline' with Iframes](https://hacktricks.xsx.tw/pentesting-web/content-security-policy-csp-bypass/csp-bypass-self-+-unsafe-inline-with-iframes.md)
- [Cookies Hacking](https://hacktricks.xsx.tw/pentesting-web/hacking-with-cookies.md)
- [Cookie Tossing](https://hacktricks.xsx.tw/pentesting-web/hacking-with-cookies/cookie-tossing.md)
- [Cookie Jar Overflow](https://hacktricks.xsx.tw/pentesting-web/hacking-with-cookies/cookie-jar-overflow.md)
- [Cookie Bomb](https://hacktricks.xsx.tw/pentesting-web/hacking-with-cookies/cookie-bomb.md)
- [CORS - Misconfigurations & Bypass](https://hacktricks.xsx.tw/pentesting-web/cors-bypass.md)
- [CRLF (%0D%0A) Injection](https://hacktricks.xsx.tw/pentesting-web/crlf-0d-0a.md)
- [CSRF (Cross Site Request Forgery)](https://hacktricks.xsx.tw/pentesting-web/csrf-cross-site-request-forgery.md)
- [Dangling Markup - HTML scriptless injection](https://hacktricks.xsx.tw/pentesting-web/dangling-markup-html-scriptless-injection.md)
- [SS-Leaks](https://hacktricks.xsx.tw/pentesting-web/dangling-markup-html-scriptless-injection/ss-leaks.md)
- [Dependency Confusion](https://hacktricks.xsx.tw/pentesting-web/dependency-confusion.md)
- [Deserialization](https://hacktricks.xsx.tw/pentesting-web/deserialization.md)
- [NodeJS - \_\_proto\_\_ & prototype Pollution](https://hacktricks.xsx.tw/pentesting-web/deserialization/nodejs-proto-prototype-pollution.md)
- [Client Side Prototype Pollution](https://hacktricks.xsx.tw/pentesting-web/deserialization/nodejs-proto-prototype-pollution/client-side-prototype-pollution.md)
- [Express Prototype Pollution Gadgets](https://hacktricks.xsx.tw/pentesting-web/deserialization/nodejs-proto-prototype-pollution/express-prototype-pollution-gadgets.md)
- [Prototype Pollution to RCE](https://hacktricks.xsx.tw/pentesting-web/deserialization/nodejs-proto-prototype-pollution/prototype-pollution-to-rce.md)
- [Java JSF ViewState (.faces) Deserialization](https://hacktricks.xsx.tw/pentesting-web/deserialization/java-jsf-viewstate-.faces-deserialization.md)
- [Java DNS Deserialization, GadgetProbe and Java Deserialization Scanner](https://hacktricks.xsx.tw/pentesting-web/deserialization/java-dns-deserialization-and-gadgetprobe.md)
- [Basic Java Deserialization (ObjectInputStream, readObject)](https://hacktricks.xsx.tw/pentesting-web/deserialization/basic-java-deserialization-objectinputstream-readobject.md)
- [PHP - Deserialization + Autoload Classes](https://hacktricks.xsx.tw/pentesting-web/deserialization/php-deserialization-+-autoload-classes.md)
- [CommonsCollection1 Payload - Java Transformers to Runtime exec() and Thread Sleep](https://hacktricks.xsx.tw/pentesting-web/deserialization/java-transformers-to-rutime-exec-payload.md)
- [Basic .Net deserialization (ObjectDataProvider gadget, ExpandedWrapper, and Json.Net)](https://hacktricks.xsx.tw/pentesting-web/deserialization/basic-.net-deserialization-objectdataprovider-gadgets-expandedwrapper-and-json.net.md)
- [Exploiting \_\_VIEWSTATE knowing the secrets](https://hacktricks.xsx.tw/pentesting-web/deserialization/exploiting-__viewstate-knowing-the-secret.md)
- [Exploiting \_\_VIEWSTATE without knowing the secrets](https://hacktricks.xsx.tw/pentesting-web/deserialization/exploiting-__viewstate-parameter.md)
- [Python Yaml Deserialization](https://hacktricks.xsx.tw/pentesting-web/deserialization/python-yaml-deserialization.md)
- [JNDI - Java Naming and Directory Interface & Log4Shell](https://hacktricks.xsx.tw/pentesting-web/deserialization/jndi-java-naming-and-directory-interface-and-log4shell.md)
- [Domain/Subdomain takeover](https://hacktricks.xsx.tw/pentesting-web/domain-subdomain-takeover.md)
- [Email Injections](https://hacktricks.xsx.tw/pentesting-web/email-injections.md)
- [File Inclusion/Path traversal](https://hacktricks.xsx.tw/pentesting-web/file-inclusion.md)
- [phar:// deserialization](https://hacktricks.xsx.tw/pentesting-web/file-inclusion/phar-deserialization.md)
- [LFI2RCE via PHP Filters](https://hacktricks.xsx.tw/pentesting-web/file-inclusion/lfi2rce-via-php-filters.md)
- [LFI2RCE via Nginx temp files](https://hacktricks.xsx.tw/pentesting-web/file-inclusion/lfi2rce-via-nginx-temp-files.md)
- [LFI2RCE via PHP\_SESSION\_UPLOAD\_PROGRESS](https://hacktricks.xsx.tw/pentesting-web/file-inclusion/via-php_session_upload_progress.md)
- [LFI2RCE via Segmentation Fault](https://hacktricks.xsx.tw/pentesting-web/file-inclusion/lfi2rce-via-segmentation-fault.md)
- [LFI2RCE via phpinfo()](https://hacktricks.xsx.tw/pentesting-web/file-inclusion/lfi2rce-via-phpinfo.md)
- [LFI2RCE Via temp file uploads](https://hacktricks.xsx.tw/pentesting-web/file-inclusion/lfi2rce-via-temp-file-uploads.md)
- [LFI2RCE via Eternal waiting](https://hacktricks.xsx.tw/pentesting-web/file-inclusion/lfi2rce-via-eternal-waiting.md)
- [LFI2RCE Via compress.zlib + PHP\_STREAM\_PREFER\_STUDIO + Path Disclosure](https://hacktricks.xsx.tw/pentesting-web/file-inclusion/lfi2rce-via-compress.zlib-+-php_stream_prefer_studio-+-path-disclosure.md)
- [File Upload](https://hacktricks.xsx.tw/pentesting-web/file-upload.md)
- [PDF Upload - XXE and CORS bypass](https://hacktricks.xsx.tw/pentesting-web/file-upload/pdf-upload-xxe-and-cors-bypass.md)
- [Formula/CSV/Doc/LaTeX/GhostScript Injection](https://hacktricks.xsx.tw/pentesting-web/formula-csv-doc-latex-ghostscript-injection.md)
- [gRPC-Web Pentest](https://hacktricks.xsx.tw/pentesting-web/grpc-web-pentest.md)
- [HTTP Connection Contamination](https://hacktricks.xsx.tw/pentesting-web/http-connection-contamination.md)
- [HTTP Connection Request Smuggling](https://hacktricks.xsx.tw/pentesting-web/http-connection-request-smuggling.md)
- [HTTP Request Smuggling / HTTP Desync Attack](https://hacktricks.xsx.tw/pentesting-web/http-request-smuggling.md)
- [Browser HTTP Request Smuggling](https://hacktricks.xsx.tw/pentesting-web/http-request-smuggling/browser-http-request-smuggling.md)
- [Request Smuggling in HTTP/2 Downgrades](https://hacktricks.xsx.tw/pentesting-web/http-request-smuggling/request-smuggling-in-http-2-downgrades.md)
- [HTTP Response Smuggling / Desync](https://hacktricks.xsx.tw/pentesting-web/http-response-smuggling-desync.md)
- [Upgrade Header Smuggling](https://hacktricks.xsx.tw/pentesting-web/h2c-smuggling.md)
- [hop-by-hop headers](https://hacktricks.xsx.tw/pentesting-web/abusing-hop-by-hop-headers.md)
- [IDOR](https://hacktricks.xsx.tw/pentesting-web/idor.md)
- [Integer Overflow](https://hacktricks.xsx.tw/pentesting-web/integer-overflow.md)
- [JWT Vulnerabilities (Json Web Tokens)](https://hacktricks.xsx.tw/pentesting-web/hacking-jwt-json-web-tokens.md)
- [LDAP Injection](https://hacktricks.xsx.tw/pentesting-web/ldap-injection.md)
- [Login Bypass](https://hacktricks.xsx.tw/pentesting-web/login-bypass.md)
- [Login bypass List](https://hacktricks.xsx.tw/pentesting-web/login-bypass/sql-login-bypass.md)
- [NoSQL injection](https://hacktricks.xsx.tw/pentesting-web/nosql-injection.md)
- [OAuth to Account takeover](https://hacktricks.xsx.tw/pentesting-web/oauth-to-account-takeover.md)
- [Open Redirect](https://hacktricks.xsx.tw/pentesting-web/open-redirect.md)
- [Parameter Pollution](https://hacktricks.xsx.tw/pentesting-web/parameter-pollution.md)
- [Phone Number Injections](https://hacktricks.xsx.tw/pentesting-web/phone-number-injections.md)
- [PostMessage Vulnerabilities](https://hacktricks.xsx.tw/pentesting-web/postmessage-vulnerabilities.md)
- [Blocking main page to steal postmessage](https://hacktricks.xsx.tw/pentesting-web/postmessage-vulnerabilities/blocking-main-page-to-steal-postmessage.md)
- [Bypassing SOP with Iframes - 1](https://hacktricks.xsx.tw/pentesting-web/postmessage-vulnerabilities/bypassing-sop-with-iframes-1.md)
- [Bypassing SOP with Iframes - 2](https://hacktricks.xsx.tw/pentesting-web/postmessage-vulnerabilities/bypassing-sop-with-iframes-2.md)
- [Steal postmessage modifying iframe location](https://hacktricks.xsx.tw/pentesting-web/postmessage-vulnerabilities/steal-postmessage-modifying-iframe-location.md)
- [Proxy / WAF Protections Bypass](https://hacktricks.xsx.tw/pentesting-web/proxy-waf-protections-bypass.md)
- [Race Condition](https://hacktricks.xsx.tw/pentesting-web/race-condition.md)
- [Rate Limit Bypass](https://hacktricks.xsx.tw/pentesting-web/rate-limit-bypass.md)
- [Registration & Takeover Vulnerabilities](https://hacktricks.xsx.tw/pentesting-web/registration-vulnerabilities.md)
- [Regular expression Denial of Service - ReDoS](https://hacktricks.xsx.tw/pentesting-web/regular-expression-denial-of-service-redos.md)
- [Reset/Forgotten Password Bypass](https://hacktricks.xsx.tw/pentesting-web/reset-password.md)
- [SAML Attacks](https://hacktricks.xsx.tw/pentesting-web/saml-attacks.md)
- [SAML Basics](https://hacktricks.xsx.tw/pentesting-web/saml-attacks/saml-basics.md)
- [Server Side Inclusion/Edge Side Inclusion Injection](https://hacktricks.xsx.tw/pentesting-web/server-side-inclusion-edge-side-inclusion-injection.md)
- [SQL Injection](https://hacktricks.xsx.tw/pentesting-web/sql-injection.md)
- [MS Access SQL Injection](https://hacktricks.xsx.tw/pentesting-web/sql-injection/ms-access-sql-injection.md)
- [MSSQL Injection](https://hacktricks.xsx.tw/pentesting-web/sql-injection/mssql-injection.md)
- [MySQL injection](https://hacktricks.xsx.tw/pentesting-web/sql-injection/mysql-injection.md)
- [MySQL File priv to SSRF/RCE](https://hacktricks.xsx.tw/pentesting-web/sql-injection/mysql-injection/mysql-ssrf.md)
- [Oracle injection](https://hacktricks.xsx.tw/pentesting-web/sql-injection/oracle-injection.md)
- [Cypher Injection (neo4j)](https://hacktricks.xsx.tw/pentesting-web/sql-injection/cypher-injection-neo4j.md)
- [PostgreSQL injection](https://hacktricks.xsx.tw/pentesting-web/sql-injection/postgresql-injection.md)
- [dblink/lo\_import data exfiltration](https://hacktricks.xsx.tw/pentesting-web/sql-injection/postgresql-injection/dblink-lo_import-data-exfiltration.md)
- [PL/pgSQL Password Bruteforce](https://hacktricks.xsx.tw/pentesting-web/sql-injection/postgresql-injection/pl-pgsql-password-bruteforce.md)
- [Network - Privesc, Port Scanner and NTLM challenge response disclosure](https://hacktricks.xsx.tw/pentesting-web/sql-injection/postgresql-injection/network-privesc-port-scanner-and-ntlm-chanllenge-response-disclosure.md)
- [Big Binary Files Upload (PostgreSQL)](https://hacktricks.xsx.tw/pentesting-web/sql-injection/postgresql-injection/big-binary-files-upload-postgresql.md)
- [RCE with PostgreSQL Languages](https://hacktricks.xsx.tw/pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-languages.md)
- [RCE with PostgreSQL Extensions](https://hacktricks.xsx.tw/pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-extensions.md)
- [SQLMap - Cheatsheet](https://hacktricks.xsx.tw/pentesting-web/sql-injection/sqlmap.md)
- [Second Order Injection - SQLMap](https://hacktricks.xsx.tw/pentesting-web/sql-injection/sqlmap/second-order-injection-sqlmap.md)
- [SSRF (Server Side Request Forgery)](https://hacktricks.xsx.tw/pentesting-web/ssrf-server-side-request-forgery.md)
- [URL Format Bypass](https://hacktricks.xsx.tw/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md)
- [SSRF Vulnerable Platforms](https://hacktricks.xsx.tw/pentesting-web/ssrf-server-side-request-forgery/ssrf-vulnerable-platforms.md)
- [Cloud SSRF](https://hacktricks.xsx.tw/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md)
- [SSTI (Server Side Template Injection)](https://hacktricks.xsx.tw/pentesting-web/ssti-server-side-template-injection.md)
- [EL - Expression Language](https://hacktricks.xsx.tw/pentesting-web/ssti-server-side-template-injection/el-expression-language.md)
- [Jinja2 SSTI](https://hacktricks.xsx.tw/pentesting-web/ssti-server-side-template-injection/jinja2-ssti.md)
- [Reverse Tab Nabbing](https://hacktricks.xsx.tw/pentesting-web/reverse-tab-nabbing.md)
- [Unicode Injection](https://hacktricks.xsx.tw/pentesting-web/unicode-injection.md)
- [Unicode Normalization](https://hacktricks.xsx.tw/pentesting-web/unicode-injection/unicode-normalization.md)
- [WebSocket Attacks](https://hacktricks.xsx.tw/pentesting-web/websocket-attacks.md)
- [Web Tool - WFuzz](https://hacktricks.xsx.tw/pentesting-web/web-tool-wfuzz.md)
- [XPATH injection](https://hacktricks.xsx.tw/pentesting-web/xpath-injection.md)
- [XSLT Server Side Injection (Extensible Stylesheet Language Transformations)](https://hacktricks.xsx.tw/pentesting-web/xslt-server-side-injection-extensible-stylesheet-language-transformations.md)
- [XXE - XEE - XML External Entity](https://hacktricks.xsx.tw/pentesting-web/xxe-xee-xml-external-entity.md)
- [XSS (Cross Site Scripting)](https://hacktricks.xsx.tw/pentesting-web/xss-cross-site-scripting.md)
- [Abusing Service Workers](https://hacktricks.xsx.tw/pentesting-web/xss-cross-site-scripting/abusing-service-workers.md)
- [Chrome Cache to XSS](https://hacktricks.xsx.tw/pentesting-web/xss-cross-site-scripting/chrome-cache-to-xss.md)
- [Debugging Client Side JS](https://hacktricks.xsx.tw/pentesting-web/xss-cross-site-scripting/debugging-client-side-js.md)
- [Dom Clobbering](https://hacktricks.xsx.tw/pentesting-web/xss-cross-site-scripting/dom-clobbering.md)
- [DOM Invader](https://hacktricks.xsx.tw/pentesting-web/xss-cross-site-scripting/dom-invader.md)
- [DOM XSS](https://hacktricks.xsx.tw/pentesting-web/xss-cross-site-scripting/dom-xss.md)
- [Iframes in XSS, CSP and SOP](https://hacktricks.xsx.tw/pentesting-web/xss-cross-site-scripting/iframes-in-xss-and-csp.md)
- [JS Hoisting](https://hacktricks.xsx.tw/pentesting-web/xss-cross-site-scripting/js-hoisting.md)
- [Misc JS Tricks & Relevant Info](https://hacktricks.xsx.tw/pentesting-web/xss-cross-site-scripting/other-js-tricks.md)
- [PDF Injection](https://hacktricks.xsx.tw/pentesting-web/xss-cross-site-scripting/pdf-injection.md)
- [Server Side XSS (Dynamic PDF)](https://hacktricks.xsx.tw/pentesting-web/xss-cross-site-scripting/server-side-xss-dynamic-pdf.md)
- [Shadow DOM](https://hacktricks.xsx.tw/pentesting-web/xss-cross-site-scripting/shadow-dom.md)
- [SOME - Same Origin Method Execution](https://hacktricks.xsx.tw/pentesting-web/xss-cross-site-scripting/some-same-origin-method-execution.md)
- [Sniff Leak](https://hacktricks.xsx.tw/pentesting-web/xss-cross-site-scripting/sniff-leak.md)
- [Steal Info JS](https://hacktricks.xsx.tw/pentesting-web/xss-cross-site-scripting/steal-info-js.md)
- [XSS in Markdown](https://hacktricks.xsx.tw/pentesting-web/xss-cross-site-scripting/xss-in-markdown.md)
- [XSSI (Cross-Site Script Inclusion)](https://hacktricks.xsx.tw/pentesting-web/xssi-cross-site-script-inclusion.md)
- [XS-Search/XS-Leaks](https://hacktricks.xsx.tw/pentesting-web/xs-search.md)
- [Connection Pool Examples](https://hacktricks.xsx.tw/pentesting-web/xs-search/connection-pool-example.md)
- [Connection Pool by Destination Example](https://hacktricks.xsx.tw/pentesting-web/xs-search/connection-pool-by-destination-example.md)
- [Cookie Bomb + Onerror XS Leak](https://hacktricks.xsx.tw/pentesting-web/xs-search/cookie-bomb-+-onerror-xs-leak.md)
- [URL Max Length - Client Side](https://hacktricks.xsx.tw/pentesting-web/xs-search/url-max-length-client-side.md)
- [performance.now example](https://hacktricks.xsx.tw/pentesting-web/xs-search/performance.now-example.md)
- [performance.now + Force heavy task](https://hacktricks.xsx.tw/pentesting-web/xs-search/performance.now-+-force-heavy-task.md)
- [Event Loop Blocking + Lazy images](https://hacktricks.xsx.tw/pentesting-web/xs-search/event-loop-blocking-+-lazy-images.md)
- [JavaScript Execution XS Leak](https://hacktricks.xsx.tw/pentesting-web/xs-search/javascript-execution-xs-leak.md)
- [CSS Injection](https://hacktricks.xsx.tw/pentesting-web/xs-search/css-injection.md)
- [CSS Injection Code](https://hacktricks.xsx.tw/pentesting-web/xs-search/css-injection/css-injection-code.md)


