From a94ce50af1fce74d4f0d9b4d8f3e369dd97fa067 Mon Sep 17 00:00:00 2001
From: HackTricks News Bot <bot@hacktricks.xyz>
Date: Mon, 21 Jul 2025 16:28:13 +0000
Subject: [PATCH 1/2] Add content from: Research Update: Enhanced
 src/pentesting-web/web-vulnerabili...

---
 src/pentesting-web/web-vulnerabilities-methodology.md | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/pentesting-web/web-vulnerabilities-methodology.md b/src/pentesting-web/web-vulnerabilities-methodology.md
index 716254690..b4eb86e38 100644
--- a/src/pentesting-web/web-vulnerabilities-methodology.md
+++ b/src/pentesting-web/web-vulnerabilities-methodology.md
@@ -101,6 +101,8 @@ Some **specific functionalities** may be also vulnerable if a **specific format
 - [ ] [**Email Header Injection**](email-injections.md)
 - [ ] [**JWT Vulnerabilities**](hacking-jwt-json-web-tokens.md)
 - [ ] [**XML External Entity**](xxe-xee-xml-external-entity.md)
+- [ ] [**GraphQL Attacks**](../network-services-pentesting/pentesting-web/graphql.md)
+- [ ] [**gRPC-Web Attacks**](grpc-web-pentest.md)
 
 ### Files
 
@@ -128,7 +130,10 @@ These vulnerabilities might help to exploit other vulnerabilities.
 - [ ] [**Unicode Normalization vulnerability**](unicode-injection/index.html)
 
 
+
+
+## References
+
+* [GraphQL vulnerabilities and common attacks seen in the wild (Security Boulevard, 2024)](https://securityboulevard.com/2024/08/graphql-vulnerabilities-and-common-attacks-seen-in-the-wild/)
+* [gRPC-Go HTTP/2 Rapid Reset advisory (GitHub Security Advisory, 2023)](https://github.com/grpc/grpc-go/security/advisories/GHSA-m425-mq94-257g)
 {{#include ../banners/hacktricks-training.md}}
-
-
-

From 0d133d3eb4bdfd53b17fe5ebb2fe772410708c31 Mon Sep 17 00:00:00 2001
From: SirBroccoli <carlospolop@gmail.com>
Date: Tue, 22 Jul 2025 10:33:52 +0200
Subject: [PATCH 2/2] Update web-vulnerabilities-methodology.md

---
 src/pentesting-web/web-vulnerabilities-methodology.md | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/src/pentesting-web/web-vulnerabilities-methodology.md b/src/pentesting-web/web-vulnerabilities-methodology.md
index b4eb86e38..0f2ba13e1 100644
--- a/src/pentesting-web/web-vulnerabilities-methodology.md
+++ b/src/pentesting-web/web-vulnerabilities-methodology.md
@@ -130,10 +130,4 @@ These vulnerabilities might help to exploit other vulnerabilities.
 - [ ] [**Unicode Normalization vulnerability**](unicode-injection/index.html)
 
 
-
-
-## References
-
-* [GraphQL vulnerabilities and common attacks seen in the wild (Security Boulevard, 2024)](https://securityboulevard.com/2024/08/graphql-vulnerabilities-and-common-attacks-seen-in-the-wild/)
-* [gRPC-Go HTTP/2 Rapid Reset advisory (GitHub Security Advisory, 2023)](https://github.com/grpc/grpc-go/security/advisories/GHSA-m425-mq94-257g)
 {{#include ../banners/hacktricks-training.md}}