/

• Brute force password guessing
• Client-side URL redirection
• Cookie tampering
• Directory traversal
• Information gathering 1
• Information gathering 2
• Information leakage
• Parameter tampering
• Reflected XSS
• Stored XSS
• Upload malicious file
• Weak password reset functionalities
• docs