Run any Skill in Manus with one click

web

Name: Web
Author: PurpleAILAB

Web application exploitation — the primary category skill for all web-based attacks. This is a routing skill: read this first to identify the attack type, then load the appropriate specialized sub-skill for detailed procedures. Covers 11 technique areas across injection, file access, authentication, and API exploitation.

Run Skill in Manus

Skill metadata

Stars4,252

Forks845

UpdatedJune 2, 2026 at 21:04

File Explorer

43 files

SKILL.md

readonly

Web Application Exploitation — Category Overview

This is a routing skill. It helps you identify the correct attack technique, then directs you to the specialized sub-skill with full exploitation procedures.

Attack Technique Routing

Match the target's characteristics to the right sub-skill:

Sub-Skill	Covers	When to Load	Path
sqli	Union/Error/Blind/Time-based SQL injection, sqlmap	SQL database, query parameters, login forms, search, filtering	`load_skill("/skills/standard/exploit/web/sqli/SKILL.md")`
blind-sqli	Manual WAF-bypass companion to sqli — token-fingerprinting probe loops, arithmetic-multiplication boolean evaluation, hex-encoded literals, exponential-probe binary search	Load AFTER sqli when sqlmap with `--tamper` cannot pass the WAF but a binary oracle (two distinct page states) exists; challenge tag is `blind_sqli` with active filtering	`load_skill("/skills/standard/exploit/web/blind-sqli/SKILL.md")`
xss	Reflected/stored/DOM XSS, bot exfiltration, CSP bypass	Client-side JS injection, bot/report URL, cookie stealing	`load_skill("/skills/standard/exploit/web/xss/SKILL.md")`
ssti	Jinja2, Twig, Freemarker, ERB, Razor template injection	Template rendering, `{{}}` or `${}` in output, Flask/Symfony/Java	`load_skill("/skills/standard/exploit/web/ssti/SKILL.md")`
ssrf	Cloud metadata, internal service access, Gopher smuggling	URL fetch parameter, redirect, internal network access	`load_skill("/skills/standard/exploit/web/ssrf/SKILL.md")`
xxe	XML entity injection, SOAP/WSDL, blind OOB	XML processing, SOAP endpoints, XML file uploads	`load_skill("/skills/standard/exploit/web/xxe/SKILL.md")`
lfi	Path traversal, PHP wrappers, log poisoning	File path parameters, `../`, include/require, file download	`load_skill("/skills/standard/exploit/web/lfi/SKILL.md")`
command-injection	OS command injection, blind/OOB, filter bypass	System commands, ping/traceroute, exec, subprocess	`load_skill("/skills/standard/exploit/web/command-injection/SKILL.md")`
deserialization	Java/PHP/.NET/Python deserialization RCE	Serialized objects, base64 blobs, ViewState, pickle	`load_skill("/skills/standard/exploit/web/deserialization/SKILL.md")`
idor	Authorization bypass, ID enumeration, privilege escalation	Object references, sequential IDs, UUIDs, access control	`load_skill("/skills/standard/exploit/web/idor/SKILL.md")`
file-upload	Webshell upload, extension/content-type bypass	File upload forms, unrestricted upload	`load_skill("/skills/standard/exploit/web/file-upload/SKILL.md")`
graphql	Introspection, SQLi via resolvers, auth bypass	GraphQL API, /graphql endpoint, GQL queries	`load_skill("/skills/standard/exploit/web/graphql/SKILL.md")`
race-condition	TOCTOU, parallel POST/GET races, session-write-before-verdict, quota/balance/coupon double-spend	bcrypt/Argon2 auth, check-then-act, slow-op widening race window, challenge tag includes race_condition/toctou/concurrent	`load_skill("/skills/standard/exploit/web/race-condition/SKILL.md")`
smuggling	HTTP request smuggling (HRS) — CL.TE/TE.CL/TE.TE, CL.0, HTTP/2 downgrade (h2.cl, h2.te, CR/LF injection), pipelining, connection-state pinning	Multi-proxy/CDN frontend, differential 4xx/5xx on duplicate or obfuscated TE/CL headers, two `Server:` strings, h2 frontend with h1 backend, challenge tag includes smuggling_desync/request_smuggling/hrs/desync	`load_skill("/skills/standard/exploit/web/smuggling/SKILL.md")`
crypto	Padding oracle (Vaudenay), AES-CBC bit-flipping, ECB block substitution, JWT alg confusion, hash-length extension	Base64 cookie/token w/ length %16 or %8, distinct invalid-pad vs auth-fail responses, JWT, repeated 16-byte ciphertext blocks, challenge tag includes `crypto`/`cipher`/`oracle`/`captcha`	`load_skill("/skills/standard/exploit/web/crypto/SKILL.md")`
business-logic	POST-body privilege fields, 2FA bypass, predictable TOTP codes, hidden auth headers, multi-step workflow tampering	Challenge tag includes `business_logic`, `privilege_escalation`, `2fa_bypass`, `auth_bypass` (not pure IDOR/JWT)	`load_skill("/skills/standard/exploit/web/business-logic/SKILL.md")`
cve	Known CVE exploitation — fingerprint → `cve_lookup` → `cve_poc_lookup` → adapt PoC → flag sweep; CMS/plugin/framework version-specific vulnerabilities	Challenge tag includes `cve`, recon fingerprinted a versioned CMS/framework/plugin, challenge name hints at specific software (WordPress, Joomla, Struts, Spring4Shell, Log4j)	`load_skill("/skills/standard/exploit/web/cve/SKILL.md")`
jwt	JSON Web Token attacks — alg=none, RS256↔HS256 confusion, kid header injection, JWKS spoofing, weak HMAC cracking, signature stripping	`Authorization: Bearer eyJ...`, `id_token=` / `access_token=`, `.well-known/jwks.json`, `.well-known/openid-configuration`	`load_skill("/skills/standard/exploit/web/jwt/SKILL.md")`
oauth	OAuth 2.0 / OIDC abuse — redirect_uri smuggling, state CSRF, code/token leak via referer, PKCE downgrade, scope escalation	`/oauth/authorize`, `/oauth/callback`, `response_type=code\|token`, `client_id=` parameters	`load_skill("/skills/standard/exploit/web/oauth/SKILL.md")`
saml	SAML SSO abuse — XSW (signature wrapping), XML signature stripping, ACS URL substitution, IdP confusion, comment-in-NameID truncation	`SAMLRequest=` / `SAMLResponse=` POST bodies, `/Shibboleth.sso/`, `/saml/acs`, ADFS endpoints	`load_skill("/skills/standard/exploit/web/saml/SKILL.md")`
ato-methodology	Account Takeover end-to-end — credential stuffing, password reset poisoning, email/phone change race, MFA fatigue, session fixation	`/login`, `/reset-password`, `/account/email`, `/account/2fa` endpoints, MFA enrollment flows	`load_skill("/skills/standard/exploit/web/ato-methodology/SKILL.md")`
nosqli	NoSQL injection — MongoDB `$ne`/`$gt`/`$where`, Redis CRLF, Cassandra CQL, Couch view injection, DynamoDB filter abuse	MongoDB/Redis/Cassandra/Couch/Dynamo backends, JSON request bodies with operator-like keys	`load_skill("/skills/standard/exploit/web/nosqli/SKILL.md")`
ldapi	LDAP injection — anonymous bind, wildcard filters, attribute exfil, blind boolean LDAP via attribute presence	LDAP-backed login, `cn=`/`uid=`-shaped queries, AD-joined web apps with form auth	`load_skill("/skills/standard/exploit/web/ldapi/SKILL.md")`
xpath-xslt	XPath / XSLT injection — auth bypass, blind boolean extraction, XSLT RCE via `document()` / `php:function`, XEE	XML-backed search/login, XSLT-transformed responses, `?xsl=` parameters	`load_skill("/skills/standard/exploit/web/xpath-xslt/SKILL.md")`
mass-assignment	Mass-assignment / over-posting — privilege fields (`isAdmin`, `role`, `verified`), nested object injection via JSON, GraphQL input-object abuse	REST/GraphQL POST/PATCH with JSON bodies, ORM-backed APIs (Rails, Django, Express+Mongoose, Spring)	`load_skill("/skills/standard/exploit/web/mass-assignment/SKILL.md")`
open-redirect	Open redirect — auth callback, SSO relay state, OAuth `redirect_uri`, header-injection-based, JS-based location overrides	`?url=`, `?next=`, `?returnTo=`, `?redirect=`, `?continue=` parameters; SSO RelayState	`load_skill("/skills/standard/exploit/web/open-redirect/SKILL.md")`
cache-deception	Web cache deception — path confusion (`/account.css`, `/account/index.css`), Cloudflare/Varnish/CDN cache key abuse, header smuggling	CDN-fronted apps (Cloudflare, Fastly, Akamai), `Cache-Control` permissive on static suffixes, per-user pages cacheable	`load_skill("/skills/standard/exploit/web/cache-deception/SKILL.md")`
dom-clobbering	DOM clobbering — `<form id=config>` / `<a name=cfg>` to shadow JS globals, bypass JS validation, defeat client-side sanitizers	Sites accepting user HTML, postMessage handlers using `window.config.*`, jQuery-extend patterns	`load_skill("/skills/standard/exploit/web/dom-clobbering/SKILL.md")`
xs-leaks	Cross-Site Leaks — frame counting, COOP/COEP probing, performance-timing oracles, navigation-side-effects, error-event leaks	Authenticated cross-origin reads, OAuth response inference, SSO state leak, account-existence oracles	`load_skill("/skills/standard/exploit/web/xs-leaks/SKILL.md")`
proxy-misconfig	Reverse-proxy misconfig — origin bypass via Host/X-Forwarded-Host, ALB/ELB stripping, header-trust abuse, SSRF via internal proxy	Cloudflare / nginx / HAProxy / Envoy frontends, IP-allow-list endpoints (`/admin`), trusted-header auth	`load_skill("/skills/standard/exploit/web/proxy-misconfig/SKILL.md")`

Quick Detection — Which Attack Type?

Run these probes to identify which sub-skill to load:

# 1. SQL Injection — single quote error
curl -s 'https://<TARGET>/page?id=1%27' -o /dev/null -w '%{http_code}'

# 2. SSTI — math evaluation
curl -s 'https://<TARGET>/page?input={{7*7}}' | grep -o '49'

# 3. XSS — reflection check
curl -s 'https://<TARGET>/search?q=<script>test</script>' | grep '<script>test'

# 4. LFI — path traversal
curl -s 'https://<TARGET>/file?name=../../../etc/passwd' | grep 'root:'

# 5. Command Injection — command chaining
curl -s 'https://<TARGET>/ping?host=127.0.0.1;id' | grep 'uid='

# 6. SSRF — localhost access
curl -s 'https://<TARGET>/fetch?url=http://127.0.0.1/' -o ssrf_test.txt

# 7. XXE — XML acceptance
curl -s 'https://<TARGET>/api' -H 'Content-Type: application/xml' -d '<?xml version="1.0"?><test>hello</test>'

# 8. GraphQL — endpoint discovery
curl -s 'https://<TARGET>/graphql' -H 'Content-Type: application/json' -d '{"query":"{ __typename }"}'

Decision Flow

Web target identified?
├── Has query parameters → Try sqli.md, then ssti.md
├── Has file/path parameters → Try lfi.md
├── Has URL/fetch parameters → Try ssrf.md
├── Has search/input reflection → Try xss.md
├── Has file upload form → Try file-upload.md
├── Accepts XML input → Try xxe.md
├── Has /graphql endpoint → Try graphql.md
├── Has ping/exec functionality → Try command-injection.md
├── Has serialized data (cookies, POST) → Try deserialization.md
├── Has object IDs in URLs → Try idor.md
├── Tag/hint includes race/concurrent/toctou → Try race-condition.md
├── Tag/hint includes smuggling/desync/hrs OR multi-proxy stack detected → Try smuggling.md
├── Tag/hint includes crypto/cipher/oracle/captcha OR base64 cookie %16==0 with distinct pad-vs-auth errors → Try crypto.md
├── Tag includes business_logic / privilege_escalation / 2fa_bypass / auth_bypass → Try business-logic.md
├── Tag includes cve OR challenge description mentions a specific CVE/plugin vulnerability → Load cve.md
└── Unknown → Run quick detection probes above

CVE / Known-Exploit Methodology

For CVE-class exploitation, load cve.md (full procedure includes fingerprinting → cve_lookup tool call → cve_poc_lookup → PoC adaptation → flag sweep). Once the CVE class is identified (SQLi/LFI/RCE/auth bypass), also load the matching attack-class sub-skill (sqli.md, lfi.md, command-injection.md, etc.) for the continuation primitive.

Payload Pacing — Cross-Technique Rule

After 3 payloads of the same bypass class against the same endpoint all produce the same-class negative result (all blocked / all 404 / all no-reflection), pivot to the next bypass class from the sub-skill's cookbook. Do not iterate further within the exhausted class.

Blocked class	Next class to try
`<script>` tag variants	Event handlers (`onerror`, `onload`, `onfocus`, `ontoggle`)
Event handlers	javascript: URL / srcdoc iframe
javascript: URL	Template literal / charcode encoding
Quote-escape SQLi	UNION-based or stacked-query
`;cmd` injection	Backtick / `$()` subshell
`{{7*7}}` Jinja2	`${77}` Freemarker, `<%= 77 %>` ERB

A "class" is the bypass mechanism, not the payload string. Three payloads that differ only in the injected JS expression (e.g. alert(1) → alert(2) → confirm(1)) are ONE class.

After exhausting 3 bypass classes on the same endpoint: the endpoint is hardened. Write exploit/PIVOT.md and switch to a different endpoint or vulnerability class from recon SUMMARY.md.

Sub-Skill Loading Rule

ALWAYS load the specialized sub-skill before executing any attack. This overview provides routing only — the sub-skills contain the actual exploitation procedures, tool commands, bypass techniques, and decision trees needed for successful exploitation.

The agent loop (intake handoff verification, confirm-gate phase, verification, silent-stall recovery, three-strike rule) is already loaded into your system prompt at agent boot — no load_skill call needed for it.

name	web
description	Web application exploitation — the primary category skill for all web-based attacks. This is a routing skill: read this first to identify the attack type, then load the appropriate specialized sub-skill for detailed procedures. Covers 11 technique areas across injection, file access, authentication, and API exploitation.
allowed-tools	Bash Read Write
metadata	{"subdomain":"execution","when_to_use":"web exploit, web application, http, https, web vulnerability, injection, web attack, web service, api, cookie, session, authentication bypass, web shell, form, parameter, query string, POST, GET, request, response, web server, apache, nginx, flask, django, express, php, java web, asp.net, ruby on rails, spring, node.js, deserialization, SQL injection, sqlmap, SSTI, template injection, SSRF, IDOR, command injection, RCE, xss, cross-site scripting, xxe, xml, lfi, path traversal, file upload, graphql","tags":"web-application, exploitation, injection","mitre_attack":"T1190, T1059, T1203"}

web

More from this repository

Web Application Exploitation — Category Overview

Attack Technique Routing

Quick Detection — Which Attack Type?

Decision Flow

CVE / Known-Exploit Methodology

Payload Pacing — Cross-Technique Rule

Sub-Skill Loading Rule

Web Application Exploitation — Category Overview

Attack Technique Routing

Quick Detection — Which Attack Type?

Decision Flow

CVE / Known-Exploit Methodology

Payload Pacing — Cross-Technique Rule

Sub-Skill Loading Rule

More from this repository