Web vulnerabilities

LFI/RFI

• https://www.idontplaydarts.com/2011/02/using-php-filter-for-local-file-inclusion/
• https://www.idontplaydarts.com/2011/03/php-remote-file-inclusion-command-shell-using-data-stream/
• Liffy: Local File Inclusion Exploitation Tool
• Upgrade from LFI to RCE via PHP Sessions
• Exploiting PHP File Inclusion – Overview
• Exploiting Remote File Inclusion (RFI) in PHP application and bypassing remote URL inclusion restriction
• Bitbucket 6.1.1 Path Traversal to RCE

HTTP parameters pollution

HPP attacks can be defined as the feasibilty to override or add HTTP GET/POST parameters by injecting query string delimiters. HtmlEntities are out of context here.

• OWASP slide
• Black Hat slide

Session Fixation

• http://shiflett.org/articles/session-fixation

SSRF

• Understanding Server-Side Request Forgery
• Server Side Request Forgery (SSRF)
• Guide
• A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
• How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!
• Vimeo upload function SSRF
• Hidden OAuth attack vectors

CSRF

• Stealing Facebook access_tokens using CSRF in device login flow
• Report Spam. Get Owned

SQLI

• Understanding the full potential of sqlmap during bug bounty hunting
• http://atta.cked.me/home/sqlite3injectioncheatsheet
• http://gwae.trollab.org/sqlite-injection.html
• https://www.trustwave.com/Resources/SpiderLabs-Blog/Sqlmap-Tricks-for-Advanced-SQL-Injection/
• https://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/
• http://www.slideshare.net/stamparm/ph-days-2013miroslavstamparsqlmapunderthehood
• Bypassing addslashes() (post)
• http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
• Rails SQLI
• Exploiting difficult SQL injection vulnerabilities using sqlmap: Part 1
• SQL Injection Wiki

Cloud

• madhuakula/kubernetes-goat designed to be intentionally vulnerable cluster environment to learn and practice Kubernetes security.