Web Security Learning
4.2.9. Skills
Content Index:
4.2.9.1. httponly
4.2.9.2. CSS Injection
4.2.9.2.1. Basic introduction
4.2.9.2.2. CSS selectors
4.2.9.2.3. Abusing Unicode Range
4.2.9.3. Bypass Via Script Gadgets
4.2.9.3.1. Introduction
4.2.9.3.2. Examples
4.2.9.4. RPO(Relative Path Overwrite)