SQL Injection
Error-based, union-based, blind, and time-based SQLi; sqlmap usage
XSS
Reflected, stored, and DOM-based XSS; cookie theft, keylogging, CSRF chains
SSRF
Server-side request forgery; reaching internal services, cloud metadata, and blind SSRF
File Upload
Bypassing extension filters and content-type checks to upload web shells
LFI / RFI
Local and remote file inclusion; log poisoning, PHP wrappers, RCE paths
Command Injection
OS command injection patterns, WAF bypass techniques, blind exfil methods
Auth Bypass
Broken authentication, JWT attacks, OAuth misconfigs, forced browsing