# Pentesting Web

- [Client Side Template Injection (CSTI)](https://www.verylazytech.com/pentesting-web/client-side-template-injection-csti.md)
- [Identify a Server’s Origin IP](https://www.verylazytech.com/pentesting-web/identify-a-servers-origin-ip.md)
- [2FA/MFA/OTP Bypass](https://www.verylazytech.com/pentesting-web/2fa-mfa-otp-bypass.md)
- [IDOR](https://www.verylazytech.com/pentesting-web/idor.md): Learn to uncover more IDORs the lazy way with VeryLazyTech—tips, tricks, and hacks revealed!
- [Open Redirect](https://www.verylazytech.com/pentesting-web/open-redirect.md): Open Redirect (also known as Unvalidated Redirects and Forwards) occurs when a web application accepts user-supplied input and redirects the user to an arbitrary URL without proper validation.
- [Subdomain Takeover](https://www.verylazytech.com/pentesting-web/subdomain-takeover.md)
- [CMS Wp/Durpal/Joomla/etc..](https://www.verylazytech.com/pentesting-web/cms-wp-durpal-joomla-etc...md)
- [Penetration Testing WiFi Networks](https://www.verylazytech.com/pentesting-web/penetration-testing-wifi-networks.md)
- [Client-Side Path Traversal](https://www.verylazytech.com/pentesting-web/client-side-path-traversal.md)
- [Clickjacking](https://www.verylazytech.com/pentesting-web/clickjacking.md): Explore clickjacking attacks with VeryLazyTech—techniques, exploits, and lazy prevention tips!
- [Command Injection](https://www.verylazytech.com/pentesting-web/command-injection.md)
- [JWT Vulnerabilities](https://www.verylazytech.com/pentesting-web/jwt-vulnerabilities.md)
- [Bypass rating limit](https://www.verylazytech.com/pentesting-web/bypass-rating-limit.md): Bypass rate limits like a pro with VeryLazyTech—advanced exploits and lazy techniques unveiled!
- [CORS - Misconfigurations & Bypass](https://www.verylazytech.com/pentesting-web/cors-misconfigurations-and-bypass.md)
- [LDAP Injection](https://www.verylazytech.com/pentesting-web/ldap-injection.md)
- [File upload vulnerabilities](https://www.verylazytech.com/pentesting-web/file-upload-vulnerabilities.md)
- [Content Security Policy (CSP) bypass](https://www.verylazytech.com/pentesting-web/content-security-policy-csp-bypass.md)
- [Brute Force - Services, web, local, tools & wordlists](https://www.verylazytech.com/pentesting-web/brute-force-services-web-local-tools-and-wordlists.md): A comprehensive brute force guide covering web logins, APIs, and local services like IMAP, MySQL, and LDAP using tools like Hydra, Medusa, Legba, and more.
- [Shellshock](https://www.verylazytech.com/pentesting-web/shellshock.md)
- [Copy of Copy of Tampatle Duplicate](https://www.verylazytech.com/pentesting-web/copy-of-copy-of-tampatle-duplicate.md)
- [XSS](https://www.verylazytech.com/pentesting-web/xss.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://www.verylazytech.com/pentesting-web.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.