Vulnerabilities

Your attack surface breakdown. Each section covers finding, exploiting, bypassing, and escalating.

  • Server-Side
    SQLi, SSRF, Command Injection, XXE, SSTI, File Upload...

  • Client-Side
    XSS, CSRF, DOM attacks, postMessage, Prototype Pollution...

  • Auth & Access
    OAuth, JWT, IDOR, CORS, Sessions, 2FA bypass...

  • Logic (Logic Flaws)
    Race conditions, payment bypass, rate limits, captcha...

  • Infrastructure
    Subdomain takeover, cache poisoning, request smuggling...

  • AI Security
    Prompt injection, agent hijacking, data poisoning...

By Severity

Severity     | Typical Vulns
🔴 Critical  | SQLi, SSRF, RCE, Auth Bypass
🟠 High      | XSS, IDOR, Priv Esc, CSRF
🟡 Medium    | Info Disclosure, Open Redirect
🟢 Low       | Verbose Errors, Missing Headers

Quick Start

New to a vuln class? Start with the index page of each section for:

  • Overview of the vulnerability
  • Common entry points
  • Quick test payloads
  • Links to detailed guides