Server-Side Vulnerabilities

Attacks targeting the server: injection, SSRF, file operations, and backend logic.

  • SQL Injection: Extract data, bypass auth, escalate to RCE. (SQLi Guide)
  • SSRF: Reach internal services, cloud metadata, pivot deeper. (SSRF Guide)
  • Injection: Command, XXE, SSTI, NoSQL, GraphQL, gRPC... (Injection Guide)

Quick Wins

| Vuln | Test | Impact |
|---|---|---|
| SQLi | ' OR 1=1-- in params | 🔴 Critical |
| SSRF | url=http://169.254.169.254/ | 🔴 Critical |
| Command Inj | ; id in filename params | 🔴 Critical |
| XXE | XML with DOCTYPE | 🔴 Critical |
| SSTI | {{7*7}} in templates | 🔴 Critical |
| Path Traversal | ../../../etc/passwd | 🟠 High |

Common Entry Points

  • URL parameters: url=, path=, file=, redirect=
  • Headers: X-Forwarded-For, Host, Referer
  • File uploads: Filename, content-type, file content
  • API endpoints: GraphQL queries, gRPC calls
  • Webhooks: Callback URLs, payload parsing