# Web

- [SQL injection (SQLi)](https://d4rk1337.gitbook.io/the-pentesters-cheat-sheet/exploitation/web/sql-injection.md)
- [Cross-site scripting (XSS)](https://d4rk1337.gitbook.io/the-pentesters-cheat-sheet/exploitation/web/cross-site-scripting.md)
- [File inclusions (LFI, RFI)](https://d4rk1337.gitbook.io/the-pentesters-cheat-sheet/exploitation/web/file-inclusions.md)
- [Directory traversal](https://d4rk1337.gitbook.io/the-pentesters-cheat-sheet/exploitation/web/directory-traversal.md)
- [Cross-site request forgery (CSRF)](https://d4rk1337.gitbook.io/the-pentesters-cheat-sheet/exploitation/web/cross-site-request-forgery.md)
- [XML external entity (XXE)](https://d4rk1337.gitbook.io/the-pentesters-cheat-sheet/exploitation/web/xml-external-entity-injection.md)
- [Cross-origin resource sharing (CORS)](https://d4rk1337.gitbook.io/the-pentesters-cheat-sheet/exploitation/web/cross-origin-resource-sharing.md)
- [Server-side request forgery (SSRF)](https://d4rk1337.gitbook.io/the-pentesters-cheat-sheet/exploitation/web/server-side-request-forgery.md)
- [Server-side template injection (SSTI)](https://d4rk1337.gitbook.io/the-pentesters-cheat-sheet/exploitation/web/server-side-template-injection.md)
- [Access control vulnerabilities](https://d4rk1337.gitbook.io/the-pentesters-cheat-sheet/exploitation/web/access-control.md)
- [Authentication vulnerabilities](https://d4rk1337.gitbook.io/the-pentesters-cheat-sheet/exploitation/web/authentication.md)
- [JWT attacks](https://d4rk1337.gitbook.io/the-pentesters-cheat-sheet/exploitation/web/jwt-attacks.md)
- [File uploads](https://d4rk1337.gitbook.io/the-pentesters-cheat-sheet/exploitation/web/file-uploads.md)
- [Host header attacks](https://d4rk1337.gitbook.io/the-pentesters-cheat-sheet/exploitation/web/host-header-attacks.md)
- [Clickjacking](https://d4rk1337.gitbook.io/the-pentesters-cheat-sheet/exploitation/web/clickjacking.md)
- [Logic flaws](https://d4rk1337.gitbook.io/the-pentesters-cheat-sheet/exploitation/web/logic-flaws.md)
- [OS command injection](https://d4rk1337.gitbook.io/the-pentesters-cheat-sheet/exploitation/web/os-command-injection.md)
- [HTTP request smuggling](https://d4rk1337.gitbook.io/the-pentesters-cheat-sheet/exploitation/web/http-request-smuggling.md)
- [Insecure deserialization](https://d4rk1337.gitbook.io/the-pentesters-cheat-sheet/exploitation/web/insecure-deserialization.md)
- [DOM-based](https://d4rk1337.gitbook.io/the-pentesters-cheat-sheet/exploitation/web/dom-based.md)
- [WebSockets](https://d4rk1337.gitbook.io/the-pentesters-cheat-sheet/exploitation/web/websockets.md)
- [Web cache poisoning](https://d4rk1337.gitbook.io/the-pentesters-cheat-sheet/exploitation/web/web-cache-poisoning.md)
