
# Web-AppSec

## Bugs Advanced Exploitation

> \[!bug] HTB: Corporate | 0xdf hacks stuff

## Resolved Reports

> \[!Important] Top Disclosed Reports: GitHub - reddelexc/hackerone-reports: Top disclosed reports from HackerOne ⭐

[Reports | Bugreader](https://bugreader.com/reports)

## Blind, CSRF … POC

> \[!NOTE] Free Hosting Login to your account - InfinityFree

## Articles

[All Web Security Academy topics | Web Security Academy - PortSwigger](https://portswigger.net/web-security/all-topics) ⭐

### Cloud

[Blogs - RedHunt Labs](https://redhuntlabs.com/blogs/)

## Git Books

> \[!important]
>
> * [HackTricks](https://book.hacktricks.xyz/)
> * [Payloads All The Things](https://techbrunch.github.io/)
> * [Exploit Notes](https://exploit-notes.hdks.org/)
> * [HowToHunt.md | HowToHunt](https://kathan19.gitbook.io/howtohunt)

## Lists

* **Crypto-Cat** List [GitHub - Crypto-Cat/CTF: CTF chall write-ups, files, scripts etc (trying to be more organised LOL)](https://github.com/Crypto-Cat/CTF?tab=readme-ov-file)
* Lists for coding, AI, Cybersecurity [GitHub - 0xor0ne/awesome-list: Cybersecurity oriented awesome list](https://github.com/0xor0ne/awesome-list?tab=readme-ov-file#awesome-lists)
* **Books**, **Tools**, **Talks** [GitHub - nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters: A list of resources for those interested in getting started in bug bounties](https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters)
* **Jhaddix** Bookmarks [pentest-bookmarks/wiki/BookmarksList.wiki at master · jhaddix/pentest-bookmarks · GitHub](https://github.com/jhaddix/pentest-bookmarks/blob/master/wiki/BookmarksList.wiki#user-content-Methodologies)
* **Books** list [GitHub - yeahhub/Hacking-Security-Ebooks: Top 100 Hacking & Security E-Books (Free Download)](https://github.com/yeahhub/Hacking-Security-Ebooks)

## Mind Maps

[Xmind Share - Xmind - Mind Mapping App](https://xmind.app/share/_xmind_EhTtFcrAIR/)

## Write ups

* [Blog - Security Cipher](https://securitycipher.com/blog/)
* [Blog - Black Hills Information Security](https://www.blackhillsinfosec.com/blog/)
* [All Articles - PortSwigger Research](https://portswigger.net/research/articles) ⭐
* [Blog - Pentester Land](https://pentester.land/blog/) ⭐

* medium but only Cyber Security shit [InfoSec Write-ups](https://infosecwriteups.com/)⭐ [Facebook Writeups](https://github.com/jaiswalakshansh/Facebook-BugBounty-Writeups)

> \[!important] Writeups - Pentester Land ⭐

### personal writeups

[All Things Security](https://blog.dixitaditya.com/?source=top_nav_blog_home)⭐

> \[!bug] James Kettle upcoming talks & research portfolio

* [Monke's Security Blog](https://web.archive.org/web/20211126224307/https://monke.ie/)
* [Writeups Archives - Labs Detectify](https://labs.detectify.com/category/writeups/)
* [Blog Posts | Corben Leo](https://corben.io/blog) ⭐
* [Who Am I ? | KARIM ASHRAF SPACE.](https://karim-ashraf.gitbook.io/) ⭐ blue team defense labs [Writeups - Ahmad Halabi](https://ahmadhalabi.net/writeups/) ⭐
* [justAhmed's Blog](https://justahmed.github.io/) ⭐
* [Youssef Sammouda](https://ysamm.com/) ⭐
* [Mohamed Sayed - Blog](https://flex0geek.blogspot.com/) ⭐
* [**\~/kpwn$**](https://kpwn.de/) ⭐
* [Orange](https://blog-orange-tw.translate.goog/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp) ⭐
* [Yassine Aboukir – Application security engineering, consulting and bug bounties](https://www.yassineaboukir.com/) ⭐

> \[!bug] Youssef Sammouda⭐

> \[!bug] POSIX ⭐ HTB

* [Boschko Security Blog](https://boschko.ca/)
* [Vickie Li's Security Blog](https://vickieli.dev/)
* [home · Joseph Thacker](http://josephthacker.com/)

> \[!important] LLM Pentesting Embrace The Red · Embrace The Red

> \[!important] XSS Site Unreachable

## Tools

* [jhaddix (jhaddix) / Repositories · GitHub](https://github.com/jhaddix?tab=repositories)
* [Xmind Share - Xmind - Mind Mapping App](https://xmind.app/share/_xmind_EhTtFcrAIR/)
* [offsec.tools - A vast collection of security tools](https://offsec.tools/)
* [tomnomnom (Tom Hudson) / Following · GitHub](https://github.com/tomnomnom?tab=following)

## Creators

* [securitycreators](https://securitycreators.video/)
* [talks.md](https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters/blob/master/assets/talks.md#General-Bug-Bounty-Talks)

## CTFs

* [CryptoCat's CTF writeups | CTF Writeups](https://crypto-cat.gitbook.io/ctf-writeups)
* [A guide to get started with CTFs & Hacking : r/Btechtards](https://www.reddit.com/r/Btechtards/comments/1emyf3g/a_guide_to_get_started_with_ctfs_hacking/) ⭐
* [CTFtime.org / All about CTF (Capture The Flag)](https://ctftime.org/)
* [Welcome \[Root Me: learning platform dedicated to Hacking and Information Security\]](https://www.root-me.org/)
* [picoCTF - CMU Cybersecurity Competition](https://picoctf.org/)

### Walkthroughs

[CryptoCat's CTF writeups | CTF Writeups](https://crypto-cat.gitbook.io/)

## Books

[Resources-for-Beginner-Bug-Bounty-Hunters/assets/books.md at master · nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters · GitHub](https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters/blob/master/assets/books.md)

## Programming Languages

> \[!bug] The Modern JS Tutorial: Online Gitbook - The Modern JavaScript Tutorial

## BurpSuite Plugins

* Make BurpSuite Extensions
  * [GitHub - snoopysecurity/awesome-burp-extensions: A curated list of amazingly awesome Burp Extensions](https://github.com/snoopysecurity/awesome-burp-extensions?tab=readme-ov-file#burp-extension-training-resources)
* Save Projects Extension
  * [GitHub - Sysc4ll3r/SeriaLog: SeriaLog - BurpSuite Extension for Advanced Logging and State Management](https://github.com/Sysc4ll3r/SeriaLog)
* [XSS to RCE](https://swarm.ptsecurity.com/researching-open-source-apps-for-xss-to-rce-flaws/)
* [SSRF to RCE](https://medium.com/@Land2Cyber/ssrf-to-rce-a-case-study-in-exploiting-chained-vulnerabilities-78f290ae9011)
* [XXE to RCE](https://airman604.medium.com/from-xxe-to-rce-with-php-expect-the-missing-link-a18c265ea4c7)
* [SQLI to RCE](https://aditya-chauhan17.medium.com/sql-injection-to-rce-dd538d49a7f)
* [File Upload to RCE](https://sidblog.medium.com/file-upload-to-rce-7c04b3b252de)
* [Web-Sec in Arabic](https://mohamed-ashraf.notion.site/Checklist-1527e89dd232448a9eba984592ad5f83)


