# Web Application Security

- [Abusing HTTP Hop-by-Hop Request Headers](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/abusing-http-hop-by-hop-request-headers.md)
- [Authentication Bypass](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/broken-authentication.md)
- [Two-Factor Authentication Vulnerabilities](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/broken-authentication/two-factor-authentication-vulnerabilities.md)
- [Command Injection](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/command-injection.md)
- [Argument Injection](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/command-injection/argument-injection.md)
- [Content Security Policy](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/content-security-policy.md)
- [Cookie Security](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/cookie-security.md)
- [Cookie Bomb](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/cookie-security/cookie-bomb.md)
- [Cookie Jar Overflow](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/cookie-security/cookie-jar-overflow.md)
- [Cookie Tossing](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/cookie-security/cookie-tossing.md)
- [CORS Misconfiguration](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/cors-misconfiguration.md)
- [File Upload Vulnerabilities](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/file-upload-vulnerabilities.md)
- [GraphQL Vulnerabilities](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/graphql-vulnerabilities.md)
- [HTML Injection](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/html-zhu-ru.md)
- [base Tag Injection](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/html-zhu-ru/base.md)
- [iframe Injection](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/html-zhu-ru/iframe.md)
- [link Tag Injection](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/html-zhu-ru/link.md)
- [meta Tag Injection](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/html-zhu-ru/meta.md)
- [target Attribute Injection](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/html-zhu-ru/target.md)
- [HTTP Header Security](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/http-headers-security.md)
- [HTTP Request Smuggling](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/http-request-smuggling.md)
- [Improper Rate Limits](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/improper-rate-limits.md)
- [JavaScript Prototype Pollution](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/javascript-prototype-pollution.md)
- [JSON Web Token Vulnerabilities](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/json-web-token-vulnerabilities.md)
- [OAuth 2.0 Vulnerabilities](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/oauth-2.0-vulnerabilities.md)
- [OpenID Connect Vulnerabilities](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/oauth-2.0-vulnerabilities/openid-connect.md)
- [Race Condition](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/race-condition.md)
- [Server-Side Request Forgery](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/server-side-request-forgery.md)
- [Post-Exploitation](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/server-side-request-forgery/post-exploitation.md)
- [SVG Abuse](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/svg-abuse.md)
- [Weak Random Generation](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/weak-random-generation.md)
- [Web Cache Poisoning](https://gitbook.cdxiaodong.life/web-ying-yong-an-quan/web-cache-poisoning.md)

