# Vunerabilities and attacks

- [Clickjacking](/pentips/web-pentesting/webvulns/clickjacking.md)
- [CORS (Misconfigurations)](/pentips/web-pentesting/webvulns/cors.md)
- [CSRF](/pentips/web-pentesting/webvulns/csrf.md)
- [SSRF](/pentips/web-pentesting/webvulns/ssrf.md)
- [Bypass captcha](/pentips/web-pentesting/webvulns/captcha-bypass.md)
- [Template Injection (client and server side)](/pentips/web-pentesting/webvulns/template-injection.md)
- [MFA bypass](/pentips/web-pentesting/webvulns/mfa-bypass.md)
- [XXE](/pentips/web-pentesting/webvulns/xxe.md)