# Web Vulnerabilities

- [Server-Side](/web-pentesting/web-vulnerabilities/server-side.md)
- [NoSQL Injection](/web-pentesting/web-vulnerabilities/server-side/nosql-injection.md)
- [SQL Injection](/web-pentesting/web-vulnerabilities/server-side/sql-injection.md)
- [UNION Attacks](/web-pentesting/web-vulnerabilities/server-side/sql-injection/union-attacks.md)
- [Blind Attacks](/web-pentesting/web-vulnerabilities/server-side/sql-injection/blind-sqli.md)
- [Boolean Based](/web-pentesting/web-vulnerabilities/server-side/sql-injection/blind-sqli/boolean-based.md)
- [Time Based](/web-pentesting/web-vulnerabilities/server-side/sql-injection/blind-sqli/time-based.md)
- [Error Based](/web-pentesting/web-vulnerabilities/server-side/sql-injection/blind-sqli/error-based.md)
- [Insecure Deserialization](/web-pentesting/web-vulnerabilities/server-side/deserialization.md)
- [.NET Deserialization](/web-pentesting/web-vulnerabilities/server-side/deserialization/dotnet.md)
- [Python Deserialization](/web-pentesting/web-vulnerabilities/server-side/deserialization/python.md)
- [PHP Deserialization](/web-pentesting/web-vulnerabilities/server-side/deserialization/php.md)
- [Java Deserialization](/web-pentesting/web-vulnerabilities/server-side/deserialization/java.md)
- [Ruby Deserialization](/web-pentesting/web-vulnerabilities/server-side/deserialization/ruby.md)
- [File Inclusion & Path Traversal](/web-pentesting/web-vulnerabilities/server-side/file-inclusion.md)
- [LFI to RCE](/web-pentesting/web-vulnerabilities/server-side/file-inclusion/lfi2rce.md)
- [PHP Wrappers](/web-pentesting/web-vulnerabilities/server-side/file-inclusion/lfi2rce/php-wrappers.md)
- [Logs Poisoning](/web-pentesting/web-vulnerabilities/server-side/file-inclusion/lfi2rce/logs-poisoning.md)
- [/proc](/web-pentesting/web-vulnerabilities/server-side/file-inclusion/lfi2rce/proc.md)
- [PHPInfo](/web-pentesting/web-vulnerabilities/server-side/file-inclusion/lfi2rce/phpinfo.md)
- [PHP Sessions](/web-pentesting/web-vulnerabilities/server-side/file-inclusion/lfi2rce/php-sessions.md)
- [Segmentation Fault](/web-pentesting/web-vulnerabilities/server-side/file-inclusion/lfi2rce/segmentation-fault.md)
- [RFI to RCE](/web-pentesting/web-vulnerabilities/server-side/file-inclusion/rfi-to-rce.md)
- [Command Injection](/web-pentesting/web-vulnerabilities/server-side/command-injection.md)
- [Brute-Force](/web-pentesting/web-vulnerabilities/server-side/brute-force.md)
- [SSTI (Server-Side Template Injection)](/web-pentesting/web-vulnerabilities/server-side/ssti.md)
- [Exposed Git Repositories](/web-pentesting/web-vulnerabilities/server-side/exposed-git-repositories.md): OWASP A3:2017-Sensitive Data Exposure
- [File Upload](/web-pentesting/web-vulnerabilities/server-side/file-upload.md)
- [Client-Side](/web-pentesting/web-vulnerabilities/client-side.md)
- [XSS (Cross-Site Scripting)](/web-pentesting/web-vulnerabilities/client-side/xss-cross-site-scripting.md)
- [CORS (Cross-origin resource sharing)](/web-pentesting/web-vulnerabilities/client-side/cors-cross-origin-resource-sharing.md)