# Web Application Pentesting

- [XSS \<Cross Site Scripting>](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/xss-cross-site-scripting.md)
- [PDF Injection \<XSS>](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/xss-cross-site-scripting/pdf-injection-less-than-xss-greater-than.md)
- [DOM XSS](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/xss-cross-site-scripting/dom-xss.md)
- [Server Side XSS \<Dynamic PDF>](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/xss-cross-site-scripting/server-side-xss-less-than-dynamic-pdf-greater-than.md)
- [XSS Tools](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/xss-cross-site-scripting/xss-tools.md)
- [SSRF \<Server Side Request Forgery>](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/ssrf-less-than-server-side-request-forgery-greater-than.md)
- [Open Redirect Vulnerability](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/open-redirect-vulnerability.md)
- [Command Injection](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/command-injection.md)
- [File Upload](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/file-upload.md)
- [Rate Limit Bypass Techniques](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/rate-limit-bypass.md)
- [IDOR](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/idor.md)
- [Web Cache Poisoning / Web Cache Deception](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/cache-poisoning-and-cache-deception.md)
- [CSRF \<Cross Site Request Forgery>](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/csrf-less-than-cross-site-request-forgery-greater-than.md)
- [XPATH injection](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/xpath-injection.md)
- [LDAP Injection](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/ldap-injection.md)
- [JWT Vulnerabilities \<JSON Web Tokens>](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/jwt-vulnerabilities-less-than-json-web-tokens-greater-than.md)
- [CORS - Misconfigurations & Bypass](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/cors-misconfigurations-and-bypass.md)
- [Reset/Forgotten Password Bypass](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/reset-forgotten-password-bypass.md)
- [CRLF (%0D%0A) Injection](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/crlf-0d-0a-injection.md)
- [Clickjacking](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/clickjacking.md)
- [Hostile Domain/Subdomain takeover](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/hostile-domain-subdomain-takeover.md)
- [Server Side Inclusion/Edge Side Inclusion Injection](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/server-side-inclusion-edge-side-inclusion-injection.md)
- [HTTP Request Smuggling / HTTP Desync Attack](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/http-request-smuggling-http-desync-attack.md)
- [SAML Attacks](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/saml-attacks.md)
- [OAuth to Account takeover](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/oauth-to-account-takeover.md)
- [Cross-site WebSocket hijacking (CSWSH)](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/cross-site-websocket-hijacking-cswsh.md)
- [Uncovering CloudFlare](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/uncovering-cloudflare.md)
- [Email Header Injection](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/email-header-injection.md)
- [Unicode Normalization vulnerability](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/unicode-normalization-vulnerability.md)
- [Registration Vulnerabilities](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/registration-vulnerabilities.md)
- [Race Condition](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/race-condition.md)


