PHP Security Cheat Sheet
https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet

Les PATH truncations: The old one - Daily Security
https://www.dailysecurity.fr/les-path-truncations/

SQL Injection

php - SQL injection that gets around mysql_real_escape_string()
https://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string

Blind SQL Injection

SANS Penetration Testing | Making Blind SQL Injection More Efficient
https://pen-testing.sans.org/blog/2011/10/31/making-blind-sql-injection-more-efficient-new-tool

A faster method than Blind SQL Injection? - Information Security Stack Exchange
https://security.stackexchange.com/questions/15953/a-faster-method-than-blind-sql-injection

SQL Injection by truncation

SQL Truncation Attack
http://resources.infosecinstitute.com/sql-truncation-attack/

SQL Injection Cheat Sheet
https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/#StringwithoutQuotes

Reading and Writing Files | NetSPI SQL Injection Wiki
https://sqlwiki.netspi.com/attackQueries/readingAndWritingFiles/#mysql

SQLi filter evasion cheat sheet (MySQL) | Reiners' Weblog
https://websec.wordpress.com/2010/12/04/sqli-filter-evasion-cheat-sheet-mysql/

Exploiting hard filtered SQL Injections | Reiners' Weblog
https://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/

NoSQL Injection

No SQL, No Injection?
https://arxiv.org/ftp/arxiv/papers/1506/1506.04082.pdf

NoSQL Injection - Fun with objects and arrays
https://www.owasp.org/images/e/ed/GOD16-NOSQL.pdf

Les NOSQL injections Classique et Blind: Never trust user input - Daily Security
https://www.dailysecurity.fr/nosql-injections-classique-blind/

LDAP Injection

failles_web:ldap_injection [Zenk - security]
https://wiki.zenk-security.com/doku.php?id=failles_web:ldap_injection#injection_de_base_sur_authentification_username_password

Xpath Injection

failles_web:xpath_injection [Zenk - security]
https://wiki.zenk-security.com/doku.php?id=failles_web:xpath_injection

Testing for XPath Injection
https://www.owasp.org/index.php/Testing_for_XPath_Injection_(OTG-INPVAL-010)

XPath Examples
https://msdn.microsoft.com/en-us/library/ms256086(v=vs.110).aspx

XPath Syntax
https://www.w3schools.com/xml/xpath_syntax.asp

{ Better } Hacker: Command Injection Without Spaces
http://www.betterhacker.com/2016/10/command-injection-without-spaces.html

Adapter le concept de la Zip Bomb pour défendre son site web des scripts kiddies
https://korben.info/adapter-concept-de-zip-bomb-defendre-site-web-scripts-kiddies.html

GitHub - swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
https://github.com/swisskyrepo/PayloadsAllTheThings

Webshells

GitHub - epinna/weevely3: Weaponized web shell
https://github.com/epinna/weevely3

GitHub - flozz/p0wny-shell: Single-file PHP shell
https://github.com/flozz/p0wny-shell

File Operation Induced Unserialization via the “phar://” Stream Wrapper
https://cdn2.hubspot.net/hubfs/3853213/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-....pdf