<?xml version="1.0" encoding="UTF-8"?><urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/1.+Reflected+XSS+into+HTML+context+with+nothing+encoded</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/6.+DOM+XSS+in+jQuery+selector+sink+using+a+hashchange+event</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/5.+DOM+XSS+in+jQuery+anchor+href+attribute+sink+using+location.search+source</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/4.+DOM+XSS+in+innerHTML+sink+using+source+location.search</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/3.+DOM+XSS+in+document.write+sink+using+source+location.search</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/2.+Stored+XSS+into+HTML+context+with+nothing+encoded</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/15.+Reflected+XSS+into+HTML+context+with+all+tags+blocked+except+custom+ones</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/8.+Stored+XSS+into+anchor+href+attribute+with+double+quotes+HTML-encoded</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/7.+Reflected+XSS+into+attribute+with+angle+brackets+HTML-encoded</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/%F0%9F%91%BE+XSS+Payload+Compendium</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/%F0%9F%9B%A1%EF%B8%8F+XSS+Lab+Index</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/14.+Reflected+XSS+into+HTML+context+with+most+tags+and+attributes+blocked</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/13.+Stored+DOM+XSS</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/11.+DOM+XSS+in+AngularJS+expression+with+angle+brackets+and+double+quotes+HTML-encoded</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/10.+DOM+XSS+in+document.write+sink+using+source+location.search+inside+a+select+element</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/9.+Reflected+XSS+into+a+JavaScript+string+with+angle+brackets+HTML+encoded</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/12.+Reflected+DOM+XSS</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/20.+Stored+XSS+into+onclick+event+with+angle+brackets+and+double+quotes+HTML-encoded+and+single+quotes+and+backslash+escaped</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/19.+Reflected+XSS+into+a+JavaScript+string+with+angle+brackets+and+double+quotes+HTML-encoded+and+single+quotes+escaped</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/18.+Reflected+XSS+into+a+JavaScript+string+with+single+quote+and+backslash+escaped</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/17.+Reflected+XSS+in+canonical+link+tag</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/16.+Reflected+XSS+with+some+SVG+markup+allowed</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/24.+Exploiting+XSS+to+bypass+CSRF+defenses</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/23.+Exploiting+cross-site+scripting+to+capture+passwords</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/22.+Exploiting+cross-site+scripting+to+steal+cookies</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/21.+Reflected+XSS+into+a+template+literal+with+angle+brackets%2C+single%2C+double+quotes%2C+backslash+and+backticks+Unicode-escaped</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/DOM-based+vulnerabilities/Portswigger/5.+DOM-based+cookie+manipulation</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/DOM-based+vulnerabilities/Portswigger/%F0%9F%9B%A1%EF%B8%8F+XSS+Lab+Index</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/DOM-based+vulnerabilities/Portswigger/4.+DOM-based+open+redirection</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/DOM-based+vulnerabilities/Portswigger/3.+DOM+XSS+using+web+messages+and+JSON.parse</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/DOM-based+vulnerabilities/Portswigger/2.+DOM+XSS+using+web+messages+and+a+JavaScript+URL</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/DOM-based+vulnerabilities/Portswigger/1.++DOM+XSS+using+web+messages</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/WEB+LLM+Attacks/Portswigger/4.+Exploiting+insecure+output+handling+in+LLMs</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/WEB+LLM+Attacks/Portswigger/3.+Indirect+prompt+injection</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/WEB+LLM+Attacks/Portswigger/2.+Exploiting+vulnerabilities+in+LLM+APIs</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/WEB+LLM+Attacks/Portswigger/1.+Exploiting+LLM+APIs+with+excessive+agency</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/WEB+LLM+Attacks/Portswigger/%F0%9F%9B%A1%EF%B8%8F+LLM+Lab+Index</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Web+Cache+Deception/Portswigger/%F0%9F%9B%A1%EF%B8%8F+WCD+Lab+Index</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Web+Cache+Deception/Portswigger/%F0%9F%91%BE+WCD+Payload+Compendium</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Web+Cache+Deception/Portswigger/4.+Exploiting+cache+server+normalization+for+web+cache+deception</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Web+Cache+Deception/Portswigger/3.+Exploiting+origin+server+normalization+for+web+cache+deception</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Web+Cache+Deception/Portswigger/2.+Exploiting+path+delimiters+for+web+cache+deception</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Web+Cache+Deception/Portswigger/1.+Exploiting+path+mapping+for+web+cache+deception</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/API+testing/Portswigger/4.+Exploiting+a+mass+assignment+vulnerability</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/API+testing/Portswigger/3.+Finding+and+exploiting+an+unused+API+endpoint</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/API+testing/Portswigger/2.+Exploiting+server-side+parameter+pollution+in+a+query+string</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/API+testing/Portswigger/1.+Exploiting+an+API+endpoint+using+documentation</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/API+testing/Portswigger/%F0%9F%9B%A1%EF%B8%8F+API+Lab+Index</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/NoSQL+Injection/Portswigger/3.+Exploiting+NoSQL+injection+to+extract+data</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/NoSQL+Injection/Portswigger/2.+Exploiting+NoSQL+operator+injection+to+bypass+authentication</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/NoSQL+Injection/Portswigger/%F0%9F%91%BE+XSS+Payload+Compendium</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/NoSQL+Injection/Portswigger/%F0%9F%9B%A1%EF%B8%8F+XSS+Lab+Index</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/NoSQL+Injection/Portswigger/1.+Detecting+NoSQL+injection</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SQL+Injection/Portswigger/18.+SQL+injection+with+filter+bypass+via+XML+encoding</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SQL+Injection/Portswigger/17.+Blind+SQL+injection+with+out-of-band+data+exfiltration</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SQL+Injection/Portswigger/16.+Blind+SQL+injection+with+out-of-band+interaction</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SQL+Injection/Portswigger/15.+Blind+SQL+injection+with+time+delays+and+information+retrieval</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SQL+Injection/Portswigger/11.+Blind+SQL+injection+with+conditional+responses</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SQL+Injection/Portswigger/14.+Blind+SQL+injection+with+time+delays</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SQL+Injection/Portswigger/%F0%9F%9B%A1%EF%B8%8F+SQLi+Lab+Index</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SQL+Injection/Portswigger/13.+Visible+error-based+SQL+injection</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SQL+Injection/Portswigger/12.+Blind+SQL+injection+with+conditional+errors</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SQL+Injection/Portswigger/10.+SQL+injection+UNION+attack%2C+retrieving+multiple+values+in+a+single+column</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SQL+Injection/Portswigger/9.+SQL+injection+UNION+attack%2C+retrieving+data+from+other+tables</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SQL+Injection/Portswigger/8.+SQL+injection+UNION+attack%2C+finding+a+column+containing+text</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SQL+Injection/Portswigger/7.+SQL+injection+UNION+attack%2C+determining+the+number+of+columns+returned+by+the+query</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SQL+Injection/Portswigger/6.+SQL+injection+attack%2C+listing+the+database+contents+on+Oracle</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SQL+Injection/Portswigger/5.+SQL+injection+attack%2C+listing+the+database+contents+on+non-Oracle+databases</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SQL+Injection/Portswigger/4.+SQL+injection+attack%2C+querying+the+database+type+and+version+on+MySQL+and+Microsoft</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SQL+Injection/Portswigger/3.+SQL+injection+attack%2C+querying+the+database+type+and+version+on+Oracle</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SQL+Injection/Portswigger/%F0%9F%91%BE+SQLi+Payload+Compendium</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SQL+Injection/Portswigger/2.+SQL+injection+vulnerability+allowing+login+bypass</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SQL+Injection/Portswigger/1.+SQL+injection+vulnerability+in+WHERE+clause+allowing+retrieval+of+hidden+data</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/CSRF/Portswigger/5.+CSRF+where+token+is+tied+to+non-session+cookie</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/CSRF/Portswigger/4.+CSRF+where+token+is+not+tied+to+user+session</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/CSRF/Portswigger/3.+CSRF+where+token+validation+depends+on+token+being+present</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/CSRF/Portswigger/2.+CSRF+where+token+validation+depends+on+request+method</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/CSRF/Portswigger/1.+CSRF+vulnerability+with+no+defenses</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/CSRF/Portswigger/%F0%9F%9B%A1%EF%B8%8F+CSRF+Lab+Index</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/CSRF/Portswigger/%F0%9F%91%BE+CSRF+Payload+Compendium</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Path+Traversal/Portswigger/6.+File+path+traversal%2C+validation+of+file+extension+with+null+byte+bypass</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Path+Traversal/Portswigger/4.+File+path+traversal%2C+traversal+sequences+stripped+with+superfluous+URL-decode</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Path+Traversal/Portswigger/3.+File+path+traversal%2C+traversal+sequences+stripped+non-recursively</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Path+Traversal/Portswigger/2.+File+path+traversal%2C+traversal+sequences+blocked+with+absolute+path+bypass</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Path+Traversal/Portswigger/%F0%9F%9B%A1%EF%B8%8F+Path+Traversal+Lab+Index</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Path+Traversal/Portswigger/%F0%9F%91%BE+Path+Traversal+Payload+Compendium</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Path+Traversal/Portswigger/1.+File+path+traversal%2C+simple+case</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Path+Traversal/Portswigger/5.+File+path+traversal%2C+validation+of+start+of+path</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Cross-origin+resource+sharing+(CORS)/Portswigger/%F0%9F%9B%A1%EF%B8%8F+CORS+Lab+Index</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Cross-origin+resource+sharing+(CORS)/Portswigger/3.+CORS+vulnerability+with+trusted+insecure+protocols</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Cross-origin+resource+sharing+(CORS)/Portswigger/2.+CORS+vulnerability+with+trusted+null+origin</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Cross-origin+resource+sharing+(CORS)/Portswigger/1.+CORS+vulnerability+with+basic+origin+reflection</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/CSRF/Portswigger/12.+CSRF+with+broken+Referer+validation</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/CSRF/Portswigger/11.+CSRF+where+Referer+validation+depends+on+header+being+present</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/CSRF/Portswigger/10.+SameSite+Lax+bypass+via+cookie+refresh</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/CSRF/Portswigger/9.+SameSite+Strict+bypass+via+sibling+domain</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/CSRF/Portswigger/8.+SameSite+Strict+bypass+via+client-side+redirect</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/CSRF/Portswigger/7.+SameSite+Lax+bypass+via+method+override</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/CSRF/Portswigger/6.+CSRF+where+token+is+duplicated+in+cookie</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XML+external+entity+(XXE)+injection/PortSwigger/9.+Exploiting+XXE+to+retrieve+data+by+repurposing+a+local+DTD</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XML+external+entity+(XXE)+injection/PortSwigger/8.+Exploiting+XXE+via+image+file+upload</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XML+external+entity+(XXE)+injection/PortSwigger/7.+Exploiting+XInclude+to+retrieve+files</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XML+external+entity+(XXE)+injection/PortSwigger/6.+Exploiting+blind+XXE+to+retrieve+data+via+error+messages</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XML+external+entity+(XXE)+injection/PortSwigger/5.+Exploiting+blind+XXE+to+exfiltrate+data+using+a+malicious+external+DTD</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XML+external+entity+(XXE)+injection/PortSwigger/4.+Blind+XXE+with+out-of-band+interaction+via+XML+parameter+entities</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XML+external+entity+(XXE)+injection/PortSwigger/%F0%9F%9B%A1%EF%B8%8F+XML+Lab+Index</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XML+external+entity+(XXE)+injection/PortSwigger/%F0%9F%91%BE+XML+Payload+Compendium</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XML+external+entity+(XXE)+injection/PortSwigger/1.+Exploiting+XXE+using+external+entities+to+retrieve+files</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XML+external+entity+(XXE)+injection/PortSwigger/2.+Exploiting+XXE+to+perform+SSRF+attacks</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XML+external+entity+(XXE)+injection/PortSwigger/3.+Blind+XXE+with+out-of-band+interaction</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SSRF/Portswigger/7.+SSRF+with+whitelist-based+input+filter</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SSRF/Portswigger/6.+Blind+SSRF+with+Shellshock+exploitation</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SSRF/Portswigger/5.+SSRF+with+filter+bypass+via+open+redirection+vulnerability</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SSRF/Portswigger/4.+SSRF+with+blacklist-based+input+filter</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SSRF/Portswigger/3.+Blind+SSRF+with+out-of-band+detection</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SSRF/Portswigger/%F0%9F%9B%A1%EF%B8%8F+SSRF+Lab+Index</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SSRF/Portswigger/%F0%9F%91%BE+SSRF+Payload+Compendium</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SSRF/Portswigger/2.+Basic+SSRF+against+another+back-end+system</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SSRF/Portswigger/1.+Basic+SSRF+against+the+local+server</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Command+Injection/PortSwigger/5.+Blind+OS+command+injection+with+out-of-band+data+exfiltration</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Command+Injection/PortSwigger/4.+Blind+OS+command+injection+with+out-of-band+interaction</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Command+Injection/PortSwigger/3.+Blind+OS+command+injection+with+output+redirection</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Command+Injection/PortSwigger/2.+Blind+OS+command+injection+with+time+delays</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Command+Injection/PortSwigger/1.+OS+command+injection%2C+simple+case</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Command+Injection/PortSwigger/%F0%9F%9B%A1%EF%B8%8F+Command+Injection+Lab+Index</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Command+Injection/PortSwigger/%F0%9F%91%BE+Command+Injection+Payload+Compendium</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SSTI/PortSwigger/6.+Server-side+template+injection+in+a+sandboxed+environment</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SSTI/PortSwigger/5.+Server-side+template+injection+with+information+disclosure+via+user-supplied+objects</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SSTI/PortSwigger/4.+Server-side+template+injection+in+an+unknown+language+with+a+documented+exploit</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SSTI/PortSwigger/3.+Server-side+template+injection+using+documentation</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SSTI/PortSwigger/2.+Basic+server-side+template+injection+(code+context)</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SSTI/PortSwigger/1.+Basic+server-side+template+injection</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SSTI/PortSwigger/%F0%9F%9B%A1%EF%B8%8F+SSTI+Lab+Index</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/SSTI/PortSwigger/%F0%9F%91%BE+SSTI+Payload+Compendium</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Access+control+vulnerabilities/PortSwigger/13.+Referer-based+access+control</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Access+control+vulnerabilities/PortSwigger/12.+Multi-step+process+with+no+access+control+on+one+step</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Access+control+vulnerabilities/PortSwigger/11.+Method-based+access+control+can+be+circumvented</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Access+control+vulnerabilities/PortSwigger/10.+URL-based+access+control+can+be+circumvented</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Access+control+vulnerabilities/PortSwigger/9.+Insecure+direct+object+references</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Access+control+vulnerabilities/PortSwigger/8.+User+ID+controlled+by+request+parameter+with+password+disclosure</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Access+control+vulnerabilities/PortSwigger/7.+User+ID+controlled+by+request+parameter+with+data+leakage+in+redirect</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Access+control+vulnerabilities/PortSwigger/5.+User+ID+controlled+by+request+parameter</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Access+control+vulnerabilities/PortSwigger/6.+User+ID+controlled+by+request+parameter%2C+with+unpredictable+user+IDs</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Access+control+vulnerabilities/PortSwigger/4.+User+role+can+be+modified+in+user+profile</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Access+control+vulnerabilities/PortSwigger/3.+User+role+controlled+by+request+parameter</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Access+control+vulnerabilities/PortSwigger/2.+Unprotected+admin+functionality+with+unpredictable+URL</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Access+control+vulnerabilities/PortSwigger/1.+Unprotected+admin+functionality</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Access+control+vulnerabilities/PortSwigger/%F0%9F%9B%A1%EF%B8%8F+Access+Control+Lab+Index</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Access+control+vulnerabilities/PortSwigger/%F0%9F%91%BE+Access+Control+Payload+Compendium</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Authentication/PortSwigger/12.+Password+brute-force+via+password+change</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Authentication/PortSwigger/11.+Password+reset+poisoning+via+middleware</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Authentication/PortSwigger/9.+Brute-forcing+a+stay-logged-in+cookie</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Authentication/PortSwigger/8.+2FA+broken+logic</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Authentication/PortSwigger/7.+Username+enumeration+via+account+lock</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Authentication/PortSwigger/%F0%9F%9B%A1%EF%B8%8F+Auth+Lab+Index</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Authentication/PortSwigger/6.+Broken+brute-force+protection%2C+IP+block</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Authentication/PortSwigger/5.+Username+enumeration+via+response+timing</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Authentication/PortSwigger/10.+Offline+Password+Cracking</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Authentication/PortSwigger/4.+Username+enumeration+via+subtly+different+responses</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Authentication/PortSwigger/2.+2FA+simple+bypass</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Authentication/PortSwigger/3.+Password+reset+broken+logic</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Authentication/PortSwigger/1.+Username+enumeration+via+different+responses</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/JWT+Attacks/PortSwigger/%F0%9F%9B%A1%EF%B8%8F+JWT+Lab+Index</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/JWT+Attacks/PortSwigger/4.JWT+authentication+bypass+via+jwk+header+injection</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/JWT+Attacks/PortSwigger/3.+JWT+authentication+bypass+via+weak+signing+key</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/JWT+Attacks/PortSwigger/2.+JWT+authentication+bypass+via+flawed+signature+verification</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/JWT+Attacks/PortSwigger/1.+JWT+authentication+bypass+via+unverified+signature</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/FIle+Upload+Vulnerabilities/Portswigger/%F0%9F%91%BE+File+Upload+Payload+Compendium</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/FIle+Upload+Vulnerabilities/Portswigger/7.+Web+shell+upload+via+race+condition</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/FIle+Upload+Vulnerabilities/Portswigger/6.+Remote+code+execution+via+polyglot+web+shell+upload</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/FIle+Upload+Vulnerabilities/Portswigger/5.+Web+shell+upload+via+obfuscated+file+extension</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/FIle+Upload+Vulnerabilities/Portswigger/4.+Web+shell+upload+via+extension+blacklist+bypass</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/FIle+Upload+Vulnerabilities/Portswigger/3.+Web+shell+upload+via+path+traversal</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/FIle+Upload+Vulnerabilities/Portswigger/2.+Web+shell+upload+via+Content-Type+restriction+bypass</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/FIle+Upload+Vulnerabilities/Portswigger/%F0%9F%9B%A1%EF%B8%8F+File+Upload+Lab+Index</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/FIle+Upload+Vulnerabilities/Portswigger/1.+Remote+code+execution+via+web+shell+upload</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/HTTP+Host+Header+Attacks/Portswigger/7.+Password+reset+poisoning+via+dangling+markup</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/HTTP+Host+Header+Attacks/Portswigger/6.+Host+validation+bypass+via+connection+state+attack</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/HTTP+Host+Header+Attacks/Portswigger/5.+SSRF+via+flawed+request+parsing</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/HTTP+Host+Header+Attacks/Portswigger/4.+Routing-based+SSRF</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/HTTP+Host+Header+Attacks/Portswigger/3.+Web+cache+poisoning+via+ambiguous+requests</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/HTTP+Host+Header+Attacks/Portswigger/2.+Host+header+authentication+bypass</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/HTTP+Host+Header+Attacks/Portswigger/1.+Basic+password+reset+poisoning</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/HTTP+Host+Header+Attacks/Portswigger/%F0%9F%91%BE+Host+Header+Payload+Compendium</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/WebSockets/Portswigger/3.+Manipulating+the+WebSocket+handshake+to+exploit+vulnerabilities</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/WebSockets/Portswigger/%F0%9F%9B%A1%EF%B8%8F+WebSocket+Lab+Index</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/WebSockets/Portswigger/2.+Cross-site+WebSocket+hijacking</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/WebSockets/Portswigger/1.+Manipulating+WebSocket+messages+to+exploit+vulnerabilities</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Information+Disclosure/Portswigger/5.+Information+disclosure+in+version+control+history</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Information+Disclosure/Portswigger/4.+Authentication+bypass+via+information+disclosure</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Information+Disclosure/Portswigger/3.+Source+code+disclosure+via+backup+files</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Information+Disclosure/Portswigger/%F0%9F%9B%A1%EF%B8%8F+Information+Disclosure+Lab+Index+1</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Information+Disclosure/Portswigger/2.+Information+disclosure+on+debug+page</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Information+Disclosure/Portswigger/1.+Information+disclosure+in+error+messages</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/OAuth/Portswigger/6.+Stealing+OAuth+access+tokens+via+a+proxy+page</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/OAuth/Portswigger/5.+Stealing+OAuth+access+tokens+via+an+open+redirect</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/OAuth/Portswigger/4.+OAuth+account+hijacking+via+redirect_uri</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/OAuth/Portswigger/%F0%9F%9B%A1%EF%B8%8F+OAuth+Traversal+Lab+Index</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/OAuth/Portswigger/3.+Forced+OAuth+profile+linking</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/OAuth/Portswigger/2.+SSRF+via+OpenID+dynamic+client+registration</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/OAuth/Portswigger/1.+Authentication+bypass+via+OAuth+implicit+flow</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Web+Cache+Deception/Portswigger/5.+Exploiting+exact-match+cache+rules+for+web+cache+deception</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/API+testing/Portswigger/5.+Exploiting+server-side+parameter+pollution+in+a+REST+URL</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/NoSQL+Injection/Portswigger/4.+Exploiting+NoSQL+operator+injection+to+extract+unknown+fields</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Prototype+Pollution/Portswigger/%F0%9F%91%BE+Prototype+Pollution+Payload+Compendium</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Prototype+Pollution/Portswigger/%F0%9F%9B%A1%EF%B8%8F+Prototype+Pollution+Lab+Index</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Prototype+Pollution/Portswigger/10.+Exfiltrating+sensitive+data+via+server-side+prototype+pollution</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Prototype+Pollution/Portswigger/9.+Remote+code+execution+via+server-side+prototype+pollution</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Prototype+Pollution/Portswigger/8.+Bypassing+flawed+input+filters+for+server-side+prototype+pollution</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Prototype+Pollution/Portswigger/7.+Detecting+server-side+prototype+pollution+without+polluted+property+reflection</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Prototype+Pollution/Portswigger/6.+Privilege+escalation+via+server-side+prototype+pollution</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Prototype+Pollution/Portswigger/5.+Client-side+prototype+pollution+in+third-party+libraries</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Prototype+Pollution/Portswigger/4.+Client-side+prototype+pollution+via+flawed+sanitization</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Prototype+Pollution/Portswigger/3.+DOM+XSS+via+an+alternative+prototype+pollution+vector</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Prototype+Pollution/Portswigger/2.+DOM+XSS+via+client-side+prototype+pollution</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Prototype+Pollution/Portswigger/1.++Client-side+prototype+pollution+via+browser+APIs</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Race+Conditions/Portswigger/5.+Exploiting+time-sensitive+vulnerabilities</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Race+Conditions/Portswigger/6.+Partial+construction+race+conditions</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Race+Conditions/Portswigger/%F0%9F%9B%A1%EF%B8%8F+Race+Conditions+Lab+Index</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Race+Conditions/Portswigger/3.+Multi-endpoint+race+conditions</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Race+Conditions/Portswigger/4.+Single-endpoint+race+conditions</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Race+Conditions/Portswigger/2.+Bypassing+rate+limits+via+race+conditions</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Race+Conditions/Portswigger/1.+Limit+overrun+race+conditions</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Authentication/PortSwigger/14.+2FA+bypass+using+a+brute-force+attack</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/Authentication/PortSwigger/13.+Broken+brute-force+protection%2C+multiple+credentials+per+request</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/28.+Reflected+XSS+in+a+JavaScript+URL+with+some+characters+blocked</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/30.+Reflected+XSS+protected+by+CSP%2C+with+CSP+bypass</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/29.+Reflected+XSS+protected+by+very+strict+CSP%2C+with+dangling+markup+attack</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/27.+Reflected+XSS+with+event+handlers+and+href+attributes+blocked</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/26.+Reflected+XSS+with+AngularJS+sandbox+escape+and+CSP</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/XSS/PortSwigger/25.+Reflected+XSS+with+AngularJS+sandbox+escape+without+strings</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/DOM-based+vulnerabilities/Portswigger/7.+Clobbering+DOM+attributes+to+bypass+HTML+filters</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/DOM-based+vulnerabilities/Portswigger/6.+Exploiting+DOM+clobbering+to+enable+XSS</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/WEB+LLM+Attacks/Portswigger/5.+Exploiting+AI+agents+to+perform+destructive+actions</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/WEB+LLM+Attacks/Portswigger/6.+Exploiting+AI+agents+to+exfiltrate+sensitive+information</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/WEB+LLM+Attacks/Portswigger/8.+Bypassing+AI+scanner+defenses+to+exfiltrate+sensitive+information</loc></url><url><loc>https://notes.bersec.me/Web+Application+Attacks/WEB+LLM+Attacks/Portswigger/7.+Exploiting+AI+agents+to+trigger+secondary+vulnerabilities</loc></url></urlset>