# Web - [信息搜集](https://ctfbook.ph0en1x.com/web/xin-xi-sou-ji.md) - [注入攻击](https://ctfbook.ph0en1x.com/web/zhu-ru.md) - [SQL注入](https://ctfbook.ph0en1x.com/web/zhu-ru/sqlzhu-ru.md) - [XML实体注入](https://ctfbook.ph0en1x.com/web/zhu-ru/xmlshi-ti-zhu-ru.md) - [SSTI 服务器模板注入](https://ctfbook.ph0en1x.com/web/zhu-ru/ssti-fu-wu-qi-mo-ban-zhu-ru.md) - [前端安全](https://ctfbook.ph0en1x.com/web/qian-duan-an-quan.md) - [XSS 跨站脚本攻击](https://ctfbook.ph0en1x.com/web/qian-duan-an-quan/xss-kua-zhan-jiao-ben-gong-ji.md) - [CSRF 跨站请求伪造](https://ctfbook.ph0en1x.com/web/qian-duan-an-quan/csrf-kua-zhan-qing-qiu-wei-zao.md) - [Html5 特性](https://ctfbook.ph0en1x.com/web/qian-duan-an-quan/html5-te-xing.md) - [常见漏洞](https://ctfbook.ph0en1x.com/web/fu-wu-qi-duan-lou-dong.md) - [SSRF 服务端请求伪造](https://ctfbook.ph0en1x.com/web/fu-wu-qi-duan-lou-dong/ssrf-fu-wu-duan-qing-qiu-wei-zao.md) - [File upload 文件上传漏洞](https://ctfbook.ph0en1x.com/web/fu-wu-qi-duan-lou-dong/file-upload-wen-jian-shang-chuan-lou-dong.md) - [Web Cache 欺骗攻击](https://ctfbook.ph0en1x.com/web/fu-wu-qi-duan-lou-dong/web-cache-qi-pian-gong-ji.md) - [特定场景漏洞](https://ctfbook.ph0en1x.com/web/qi-ta-lou-dong.md) - [AWS 漏洞系列](https://ctfbook.ph0en1x.com/web/qi-ta-lou-dong/aws-lou-dong-xi-lie.md) - [S3 Bucket信息泄露](https://ctfbook.ph0en1x.com/web/qi-ta-lou-dong/aws-lou-dong-xi-lie/s3-bucketxin-xi-xie-lu.md) - [未授权访问漏洞](https://ctfbook.ph0en1x.com/web/qi-ta-lou-dong/wei-shou-quan-fang-wen-lou-dong.md) - [redis未授权访问](https://ctfbook.ph0en1x.com/web/qi-ta-lou-dong/wei-shou-quan-fang-wen-lou-dong/rediswei-shou-quan-fang-wen.md) - [CouchDB未授权访问](https://ctfbook.ph0en1x.com/web/qi-ta-lou-dong/wei-shou-quan-fang-wen-lou-dong/couchdb-wei-shou-quan-fang-wen.md) - [Docker Remote API未授权访问](https://ctfbook.ph0en1x.com/web/qi-ta-lou-dong/wei-shou-quan-fang-wen-lou-dong/docker-remote-apiwei-shou-quan-fang-wen-lou-dong.md) - [memcache 未授权访问](https://ctfbook.ph0en1x.com/web/qi-ta-lou-dong/wei-shou-quan-fang-wen-lou-dong/memcache-wei-shou-quan-fang-wen.md) - [Jenkins 未授权访问](https://ctfbook.ph0en1x.com/web/qi-ta-lou-dong/wei-shou-quan-fang-wen-lou-dong/jenkins-wei-shou-quan-fang-wen-lou-dong.md) - [PHP-FPM未授权访问](https://ctfbook.ph0en1x.com/web/qi-ta-lou-dong/wei-shou-quan-fang-wen-lou-dong/phpfpm-wei-shou-quan-fang-wen.md) - [rsync 未授权访问](https://ctfbook.ph0en1x.com/web/qi-ta-lou-dong/wei-shou-quan-fang-wen-lou-dong/rsync-wei-shou-quan-fang-wen.md) - [Mongodb未授权访问](https://ctfbook.ph0en1x.com/web/qi-ta-lou-dong/wei-shou-quan-fang-wen-lou-dong/mongodb-wei-shou-quan-fang-wen.md) - [服务器配置问题](https://ctfbook.ph0en1x.com/web/qi-ta-lou-dong/fu-wu-qi-pei-zhi-wen-ti.md) - [Apache Tomcat样例目录session操纵漏洞](https://ctfbook.ph0en1x.com/web/qi-ta-lou-dong/fu-wu-qi-pei-zhi-wen-ti/apache-tomcatyang-li-mu-lu-session-cao-zong-lou-dong.md) - [PHP 安全](https://ctfbook.ph0en1x.com/web/php-an-quan.md) - [PHP 反序列化漏洞](https://ctfbook.ph0en1x.com/web/php-an-quan/php-fan-xu-lie-hua-lou-dong.md) - [PHP 代码审计小结](https://ctfbook.ph0en1x.com/web/php-an-quan/php-dai-ma-shen-ji-xiao-jie.md) - [PHP 伪协议总结](https://ctfbook.ph0en1x.com/web/php-an-quan/php-wei-xie-yi-zong-jie.md) - [PHP 内存破坏漏洞](https://ctfbook.ph0en1x.com/web/php-an-quan/php-nei-cun-po-huai-lou-dong.md) - [PHP mail header injection](https://ctfbook.ph0en1x.com/web/php-an-quan/php-mail-header-injection.md) - [PHP 弱类型安全总结](https://ctfbook.ph0en1x.com/web/php-an-quan/phpruo-lei-xing-an-quan-zong-jie.md) - [PHP 各版本特性](https://ctfbook.ph0en1x.com/web/php-an-quan/phpge-ban-ben-te-xing.md) - [逻辑漏洞](https://ctfbook.ph0en1x.com/web/luo-ji-lou-dong.md) - [CTF-Web Trick](https://ctfbook.ph0en1x.com/web/ctf-web-trick.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ctfbook.ph0en1x.com/web.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.