# Server-Side

- [SQL Injection](https://book.jorianwoltjer.com/web/server-side/sql-injection.md): An infamous and simple attack where code is injected where data should be, rewriting the SQL query
- [NoSQL Injection](https://book.jorianwoltjer.com/web/server-side/nosql-injection.md): NoSQL databases are a type of database where objects are used instead of SQL strings. MongoDB is common, but other databases are vulnerable too
- [GraphQL](https://book.jorianwoltjer.com/web/server-side/graphql.md): Query structured data through an API and perform mutations with authorization
- [XML External Entities (XXE)](https://book.jorianwoltjer.com/web/server-side/xml-external-entities-xxe.md): Injecting Entities into XML data to read local files and exfiltrate data
- [HTTP Request Smuggling](https://book.jorianwoltjer.com/web/server-side/http-request-smuggling.md): Differences in how Content-Length and Transfer-Encoding headers are parsed lead to confusion over the boundaries of requests
- [Local File Disclosure](https://book.jorianwoltjer.com/web/server-side/local-file-disclosure.md): Gain information by reading files on a web server, also known as Local File Inclusion (LFI)
- [Arbitrary File Write](https://book.jorianwoltjer.com/web/server-side/arbitrary-file-write.md): Being able to create or overwrite files on a server, often causing Remote Code Execution (RCE)
- [Reverse Proxies](https://book.jorianwoltjer.com/web/server-side/reverse-proxies.md): Servers on top of web applications that route traffic, manage headers and more
- [ImageMagick](https://book.jorianwoltjer.com/web/server-side/imagemagick.md): A tool/library for converting and editing images of many formats, with some older versions having known vulnerabilities


