Testlab
Preparation
Notes on techniques
TryHackMe rooms
Web client
Web server
XSS
SQLi
CSRF
Clickjacking
DOM-based vulns
CORS
XXE
SSRF
HTTP request smuggling
OS command injection
SSTI
Directory traversal
Access control vulnerabilities
Authentication
Websockets
Web cache poisoning
Insecure deserialisation
Information disclosure
Business logic vulnerabilities
HTTP Host header attacks
OAuth authentication
File upload vulnerabilities
JWT
Prototype pollution
root-me challenge: File upload - Null byte: Hack this photo galery by uploading PHP code.
File upload techniques (these writeups)
Secure file upload in PHP web applications