- Introduction
- Web Services Description Language (WSDL)
- SOAPAction Spoofing
- Command Injection
- Attacking WordPress 'xmlrpc.php'
- Information Disclosure (with a twist of SQLi)
- Arbitrary File Upload
- Local File Inclusion (LFI)
- Cross-Site Scripting (XSS)
- Server-Side Request Forgery (SSRF)
- Regular Expression Denial of Service (ReDoS)
- XML External Entity (XXE) Injection