v1 — ALL 22 FINDINGS ACTIVE

• sqli_get: VULN
• sqli_post: VULN
• sqli_cookie: VULN
• sqli_header: VULN
• xss_reflected: VULN
• xss_stored: VULN
• xss_stored_single: VULN
• cmdi_post: VULN
• cmdi_get: VULN
• cmdi_header: VULN
• cmdi_cookie: VULN
• open_redirect: VULN
• path_traversal: VULN
• ssrf: VULN
• idor: VULN
• dir_listing: VULN
• sensitive_files: VULN
• verbose_errors: VULN
• server_banner: VULN
• missing_headers: VULN
• cors_misconfig: VULN
• weak_cookies: VULN

Sitemap (for scanners)

GET endpoints with parameters

• /products?id=1 — SQLi (GET param)
• /search?q=test — Reflected XSS
• /scan?target=127.0.0.1&proto=tcp&depth=1 — Cmd injection (3 params)
• /tools?name=ls — Cmd injection (param + X-Trace-Id header)
• /lookup?domain=example.com — Cmd injection (param + locale cookie)
• /redirect?next=/ — Open redirect
• /download?file=readme.txt — Path traversal
• /fetch?url=https://example.com — SSRF
• /user/1/profile — IDOR (try /user/2/profile, /user/3/profile)
• /profile — SQLi via session_id cookie
• /api/user-info — SQLi via X-User-ID header
• /comments — Stored XSS display page
• /guestbook — Stored XSS (single page)
• /uploads/ — Directory listing
• /.env — Sensitive file exposure
• /.git/config — Sensitive file exposure
• /backup.zip — Sensitive file exposure
• /error-demo — Verbose error page

POST endpoints (forms below so crawlers submit them)

POST /login — SQLi via POST body

POST /comment — Stored XSS sink

POST /guestbook — Stored XSS sink

POST /diagnostic — Cmd injection (4 params)