---
name: web
description: "Web application exploitation — the primary category skill for all web-based attacks. This is a routing skill: read this first to identify the attack type, then load the appropriate specialized sub-skill for detailed procedures. Covers 11 technique areas across injection, file access, authentication, and API exploitation."
allowed-tools: Bash Read Write
metadata:
  subdomain: execution
  when_to_use: "web exploit, web application, http, https, web vulnerability, injection, web attack, web service, api, cookie, session, authentication bypass, web shell, form, parameter, query string, POST, GET, request, response, web server, apache, nginx, flask, django, express, php, java web, asp.net, ruby on rails, spring, node.js, deserialization, SQL injection, sqlmap, SSTI, template injection, SSRF, IDOR, command injection, RCE, xss, cross-site scripting, xxe, xml, lfi, path traversal, file upload, graphql"
  tags: web-application, exploitation, injection
  mitre_attack: T1190, T1059, T1203
---
Web Application Exploitation — Category Overview
This is a routing skill. It helps you identify the correct attack technique, then directs you to the specialized sub-skill with full exploitation procedures.
Attack Technique Routing
Match the target's characteristics to the right sub-skill:
| Sub-Skill | Covers | When to Load | Path |
|---|---|---|---|
| sqli | Union/Error/Blind/Time-based SQL injection, sqlmap | SQL database, query parameters, login forms, search, filtering | load_skill("/skills/standard/exploit/web/sqli/SKILL.md") |
| blind-sqli | Manual WAF-bypass companion to sqli — token-fingerprinting probe loops, arithmetic-multiplication boolean evaluation, hex-encoded literals, exponential-probe binary search | Load AFTER sqli when sqlmap with --tamper cannot pass the WAF but a binary oracle (two distinct page states) exists; challenge tag is blind_sqli with active filtering | load_skill("/skills/standard/exploit/web/blind-sqli/SKILL.md") |
| xss | Reflected/stored/DOM XSS, bot exfiltration, CSP bypass | Client-side JS injection, bot/report URL, cookie stealing | load_skill("/skills/standard/exploit/web/xss/SKILL.md") |
| ssti | Jinja2, Twig, Freemarker, ERB, Razor template injection | Template rendering, `{{}}` or `${}` in output, Flask/Symfony/Java | load_skill("/skills/standard/exploit/web/ssti/SKILL.md") |
| ssrf | Cloud metadata, internal service access, Gopher smuggling | URL fetch parameter, redirect, internal network access | load_skill("/skills/standard/exploit/web/ssrf/SKILL.md") |
| xxe | XML entity injection, SOAP/WSDL, blind OOB | XML processing, SOAP endpoints, XML file uploads | load_skill("/skills/standard/exploit/web/xxe/SKILL.md") |
| lfi | Path traversal, PHP wrappers, log poisoning | File path parameters, ../, include/require, file download | load_skill("/skills/standard/exploit/web/lfi/SKILL.md") |
| command-injection | OS command injection, blind/OOB, filter bypass | System commands, ping/traceroute, exec, subprocess | load_skill("/skills/standard/exploit/web/command-injection/SKILL.md") |
| deserialization | Java/PHP/.NET/Python deserialization RCE | Serialized objects, base64 blobs, ViewState, pickle | load_skill("/skills/standard/exploit/web/deserialization/SKILL.md") |
| idor | Authorization bypass, ID enumeration, privilege escalation | Object references, sequential IDs, UUIDs, access control | load_skill("/skills/standard/exploit/web/idor/SKILL.md") |
| file-upload | Webshell upload, extension/content-type bypass | File upload forms, unrestricted upload | load_skill("/skills/standard/exploit/web/file-upload/SKILL.md") |
| graphql | Introspection, SQLi via resolvers, auth bypass | GraphQL API, /graphql endpoint, GQL queries | load_skill("/skills/standard/exploit/web/graphql/SKILL.md") |
| race-condition | TOCTOU, parallel POST/GET races, session-write-before-verdict, quota/balance/coupon double-spend | bcrypt/Argon2 auth, check-then-act, slow-op widening race window, challenge tag includes race_condition/toctou/concurrent | load_skill("/skills/standard/exploit/web/race-condition/SKILL.md") |
| smuggling | HTTP request smuggling (HRS) — CL.TE/TE.CL/TE.TE, CL.0, HTTP/2 downgrade (h2.cl, h2.te, CR/LF injection), pipelining, connection-state pinning | Multi-proxy/CDN frontend, differential 4xx/5xx on duplicate or obfuscated TE/CL headers, two Server: strings, h2 frontend with h1 backend, challenge tag includes smuggling_desync/request_smuggling/hrs/desync | load_skill("/skills/standard/exploit/web/smuggling/SKILL.md") |
| crypto | Padding oracle (Vaudenay), AES-CBC bit-flipping, ECB block substitution, JWT alg confusion, hash-length extension | Base64 cookie/token w/ length %16 or %8, distinct invalid-pad vs auth-fail responses, JWT, repeated 16-byte ciphertext blocks, challenge tag includes crypto/cipher/oracle/captcha | load_skill("/skills/standard/exploit/web/crypto/SKILL.md") |
| business-logic | POST-body privilege fields, 2FA bypass, predictable TOTP codes, hidden auth headers, multi-step workflow tampering | Challenge tag includes business_logic, privilege_escalation, 2fa_bypass, auth_bypass (not pure IDOR/JWT) | load_skill("/skills/standard/exploit/web/business-logic/SKILL.md") |
| cve | Known CVE exploitation — fingerprint → cve_lookup → cve_poc_lookup → adapt PoC → flag sweep; CMS/plugin/framework version-specific vulnerabilities | Challenge tag includes cve, recon fingerprinted a versioned CMS/framework/plugin, challenge name hints at specific software (WordPress, Joomla, Struts, Spring4Shell, Log4j) | load_skill("/skills/standard/exploit/web/cve/SKILL.md") |
| jwt | JSON Web Token attacks — alg=none, RS256↔HS256 confusion, kid header injection, JWKS spoofing, weak HMAC cracking, signature stripping | Authorization: Bearer eyJ..., id_token= / access_token=, .well-known/jwks.json, .well-known/openid-configuration | load_skill("/skills/standard/exploit/web/jwt/SKILL.md") |
| oauth | OAuth 2.0 / OIDC abuse — redirect_uri smuggling, state CSRF, code/token leak via referer, PKCE downgrade, scope escalation | /oauth/authorize, /oauth/callback, response_type=code\|token, client_id= parameters | load_skill("/skills/standard/exploit/web/oauth/SKILL.md") |
| saml | SAML SSO abuse — XSW (signature wrapping), XML signature stripping, ACS URL substitution, IdP confusion, comment-in-NameID truncation | SAMLRequest= / SAMLResponse= POST bodies, /Shibboleth.sso/, /saml/acs, ADFS endpoints | load_skill("/skills/standard/exploit/web/saml/SKILL.md") |
| ato-methodology | Account Takeover end-to-end — credential stuffing, password reset poisoning, email/phone change race, MFA fatigue, session fixation | /login, /reset-password, /account/email, /account/2fa endpoints, MFA enrollment flows | load_skill("/skills/standard/exploit/web/ato-methodology/SKILL.md") |
| nosqli | NoSQL injection — MongoDB $ne/$gt/$where, Redis CRLF, Cassandra CQL, Couch view injection, DynamoDB filter abuse | MongoDB/Redis/Cassandra/Couch/Dynamo backends, JSON request bodies with operator-like keys | load_skill("/skills/standard/exploit/web/nosqli/SKILL.md") |
| ldapi | LDAP injection — anonymous bind, wildcard filters, attribute exfil, blind boolean LDAP via attribute presence | LDAP-backed login, cn=/uid=-shaped queries, AD-joined web apps with form auth | load_skill("/skills/standard/exploit/web/ldapi/SKILL.md") |
| xpath-xslt | XPath / XSLT injection — auth bypass, blind boolean extraction, XSLT RCE via document() / php:function, XEE | XML-backed search/login, XSLT-transformed responses, ?xsl= parameters | load_skill("/skills/standard/exploit/web/xpath-xslt/SKILL.md") |
| mass-assignment | Mass-assignment / over-posting — privilege fields (isAdmin, role, verified), nested object injection via JSON, GraphQL input-object abuse | REST/GraphQL POST/PATCH with JSON bodies, ORM-backed APIs (Rails, Django, Express+Mongoose, Spring) | load_skill("/skills/standard/exploit/web/mass-assignment/SKILL.md") |
| open-redirect | Open redirect — auth callback, SSO relay state, OAuth redirect_uri, header-injection-based, JS-based location overrides | ?url=, ?next=, ?returnTo=, ?redirect=, ?continue= parameters; SSO RelayState | load_skill("/skills/standard/exploit/web/open-redirect/SKILL.md") |
| cache-deception | Web cache deception — path confusion (/account.css, /account/index.css), Cloudflare/Varnish/CDN cache key abuse, header smuggling | CDN-fronted apps (Cloudflare, Fastly, Akamai), Cache-Control permissive on static suffixes, per-user pages cacheable | load_skill("/skills/standard/exploit/web/cache-deception/SKILL.md") |
| dom-clobbering | DOM clobbering — `<form id=config>` / `<a name=cfg>` to shadow JS globals, bypass JS validation, defeat client-side sanitizers | Sites accepting user HTML, postMessage handlers using window.config.*, jQuery-extend patterns | load_skill("/skills/standard/exploit/web/dom-clobbering/SKILL.md") |
| xs-leaks | Cross-Site Leaks — frame counting, COOP/COEP probing, performance-timing oracles, navigation-side-effects, error-event leaks | Authenticated cross-origin reads, OAuth response inference, SSO state leak, account-existence oracles | load_skill("/skills/standard/exploit/web/xs-leaks/SKILL.md") |
| proxy-misconfig | Reverse-proxy misconfig — origin bypass via Host/X-Forwarded-Host, ALB/ELB stripping, header-trust abuse, SSRF via internal proxy | Cloudflare / nginx / HAProxy / Envoy frontends, IP-allow-list endpoints (/admin), trusted-header auth | load_skill("/skills/standard/exploit/web/proxy-misconfig/SKILL.md") |
Quick Detection — Which Attack Type?
Run these probes to identify which sub-skill to load:
```bash
# 1. SQL Injection — single quote error
curl -s 'https://<TARGET>/page?id=1%27' -o /dev/null -w '%{http_code}'
# 2. SSTI — math evaluation (-g disables curl URL globbing, which otherwise rejects the nested braces)
curl -s -g 'https://<TARGET>/page?input={{7*7}}' | grep -o '49'
# 3. XSS — reflection check
curl -s 'https://<TARGET>/search?q=<script>test</script>' | grep '<script>test'
# 4. LFI — path traversal
curl -s 'https://<TARGET>/file?name=../../../etc/passwd' | grep 'root:'
# 5. Command Injection — command chaining
curl -s 'https://<TARGET>/ping?host=127.0.0.1;id' | grep 'uid='
# 6. SSRF — localhost access
curl -s 'https://<TARGET>/fetch?url=http://127.0.0.1/' -o ssrf_test.txt
# 7. XXE — XML acceptance
curl -s 'https://<TARGET>/api' -H 'Content-Type: application/xml' -d '<?xml version="1.0"?><test>hello</test>'
# 8. GraphQL — endpoint discovery
curl -s 'https://<TARGET>/graphql' -H 'Content-Type: application/json' -d '{"query":"{ __typename }"}'
```
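Seen from the defending side, the URL-borne probes above (1 to 6) leave recognisable request lines in a web access log. The following is an added example, not part of the original skill: it classifies constructed log lines by probe class and flags a client that sweeps several classes. The regex signatures, function names and sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# One signature per URL-borne probe above (1-6), keyed by sub-skill name.
# The patterns are illustrative assumptions, not a complete rule set.
PROBE_SIGNATURES = {
    "sqli": re.compile(r"=[^&]*'"),
    "ssti": re.compile(r"\{\{.*?\}\}|\$\{.*?\}"),
    "xss": re.compile(r"<script\b", re.I),
    "lfi": re.compile(r"(?:\.\./){2,}"),
    "command-injection": re.compile(r"[;|`]\s*(?:id|whoami|uname)\b"),
    "ssrf": re.compile(r"=https?://(?:127\.0\.0\.1|localhost)\b", re.I),
}
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed access-log lines (combined format, documentation addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2025:10:00:01 +0000] "GET /page?id=1%27 HTTP/1.1" 500 312',
    '203.0.113.7 - - [10/Mar/2025:10:00:02 +0000] "GET /page?input=%7B%7B7*7%7D%7D HTTP/1.1" 200 51',
    '203.0.113.7 - - [10/Mar/2025:10:00:03 +0000] "GET /file?name=../../../etc/passwd HTTP/1.1" 404 0',
    '203.0.113.7 - - [10/Mar/2025:10:00:04 +0000] "GET /ping?host=127.0.0.1;id HTTP/1.1" 200 88',
    '198.51.100.20 - - [10/Mar/2025:10:00:05 +0000] "GET /products?category=books&page=2 HTTP/1.1" 200 9041',
    '198.51.100.20 - - [10/Mar/2025:10:00:09 +0000] "GET /search?q=o%27brien HTTP/1.1" 200 733',
]

def classify_request(log_line):
    """Return the sorted probe classes whose signature appears in the query string."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    # Decode once so %27, %7B%7B and similar encodings match the same pattern.
    query = unquote_plus(urlsplit(match.group("target")).query)
    return sorted(n for n, rx in PROBE_SIGNATURES.items() if rx.search(query))

def sweeping_clients(lines, min_classes=3):
    """Clients that tried at least min_classes distinct probe classes."""
    seen = defaultdict(set)
    for line in lines:
        seen[line.split(" ", 1)[0]].update(classify_request(line))
    return {ip: sorted(c) for ip, c in seen.items() if len(c) >= min_classes}

if __name__ == "__main__":
    for ip, classes in sweeping_clients(SAMPLE_LOG).items():
        print(ip, classes)
```

The last sample line is a legitimate search for a name containing an apostrophe: it matches the single-quote signature on its own, which is why the alert is keyed on several distinct classes from one client rather than on any single hit.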
Decision Flow
Web target identified?
├── Has query parameters → Try sqli.md, then ssti.md
├── Has file/path parameters → Try lfi.md
├── Has URL/fetch parameters → Try ssrf.md
├── Has search/input reflection → Try xss.md
├── Has file upload form → Try file-upload.md
├── Accepts XML input → Try xxe.md
├── Has /graphql endpoint → Try graphql.md
├── Has ping/exec functionality → Try command-injection.md
├── Has serialized data (cookies, POST) → Try deserialization.md
├── Has object IDs in URLs → Try idor.md
├── Tag/hint includes race/concurrent/toctou → Try race-condition.md
├── Tag/hint includes smuggling/desync/hrs OR multi-proxy stack detected → Try smuggling.md
├── Tag/hint includes crypto/cipher/oracle/captcha OR base64 cookie %16==0 with distinct pad-vs-auth errors → Try crypto.md
├── Tag includes business_logic / privilege_escalation / 2fa_bypass / auth_bypass → Try business-logic.md
├── Tag includes cve OR challenge description mentions a specific CVE/plugin vulnerability → Load cve.md
└── Unknown → Run quick detection probes above
CVE / Known-Exploit Methodology
For CVE-class exploitation, load cve.md (full procedure includes fingerprinting → cve_lookup tool call → cve_poc_lookup → PoC adaptation → flag sweep).
Once the CVE class is identified (SQLi/LFI/RCE/auth bypass), also load the matching attack-class sub-skill (sqli.md, lfi.md, command-injection.md, etc.) for the continuation primitive.
Payload Pacing — Cross-Technique Rule
After 3 payloads of the same bypass class against the same endpoint all produce the same-class negative result (all blocked / all 404 / all no-reflection), pivot to the next bypass class from the sub-skill's cookbook. Do not iterate further within the exhausted class.
| Blocked class | Next class to try |
|---|---|
| `<script>` tag variants | Event handlers (onerror, onload, onfocus, ontoggle) |
| Event handlers | javascript: URL / srcdoc iframe |
| javascript: URL | Template literal / charcode encoding |
| Quote-escape SQLi | UNION-based or stacked-query |
| `;cmd` injection | Backtick / `$()` subshell |
| `{{7*7}}` Jinja2 | `${7*7}` Freemarker, `<%= 7*7 %>` ERB |
A "class" is the bypass mechanism, not the payload string. Three payloads that differ only in the injected JS expression (e.g. alert(1) → alert(2) → confirm(1)) are ONE class.
After exhausting 3 bypass classes on the same endpoint: the endpoint is hardened. Write exploit/PIVOT.md and switch to a different endpoint or vulnerability class from recon SUMMARY.md.
Sub-Skill Loading Rule
ALWAYS load the specialized sub-skill before executing any attack. This overview provides routing only — the sub-skills contain the actual exploitation procedures, tool commands, bypass techniques, and decision trees needed for successful exploitation.
The agent loop (intake handoff verification, confirm-gate phase, verification, silent-stall recovery, three-strike rule) is already loaded into your system prompt at agent boot — no load_skill call needed for it.