# 服务器端主题 - [SQL注入](https://web-sec.gitbook.io/wsa/server-side/sql-injection.md) - [SQL注入](https://web-sec.gitbook.io/wsa/server-side/sql-injection/index.md) - [SQL注入UNION攻击](https://web-sec.gitbook.io/wsa/server-side/sql-injection/union-attacks.md) - [在SQL注入攻击中检索数据库](https://web-sec.gitbook.io/wsa/server-side/sql-injection/examining-the-database.md) - [SQL盲注](https://web-sec.gitbook.io/wsa/server-side/sql-injection/blind.md) - [SQL注入速查表](https://web-sec.gitbook.io/wsa/server-side/sql-injection/cheat-sheet.md) - [认证](https://web-sec.gitbook.io/wsa/server-side/authentication.md) - [认证漏洞](https://web-sec.gitbook.io/wsa/server-side/authentication/index.md) - [基于密码登录中的漏洞](https://web-sec.gitbook.io/wsa/server-side/authentication/password-based.md) - [多因素认证中的漏洞](https://web-sec.gitbook.io/wsa/server-side/authentication/multi-factor.md) - [其他认证机制中的漏洞](https://web-sec.gitbook.io/wsa/server-side/authentication/other-mechanisms.md) - [如何保护你的认证机制](https://web-sec.gitbook.io/wsa/server-side/authentication/securing.md) - [目录遍历](https://web-sec.gitbook.io/wsa/server-side/file-path-traversal.md) - [目录遍历](https://web-sec.gitbook.io/wsa/server-side/file-path-traversal/index.md) - [命令注入](https://web-sec.gitbook.io/wsa/server-side/os-command-injection.md) - [OS命令注入](https://web-sec.gitbook.io/wsa/server-side/os-command-injection/index.md) - [业务逻辑漏洞](https://web-sec.gitbook.io/wsa/server-side/logic-flaws.md) - [业务逻辑漏洞](https://web-sec.gitbook.io/wsa/server-side/logic-flaws/index.md) - [业务逻辑漏洞示例](https://web-sec.gitbook.io/wsa/server-side/logic-flaws/examples.md) - [信息泄露](https://web-sec.gitbook.io/wsa/server-side/information-disclosure.md) - [信息泄露漏洞](https://web-sec.gitbook.io/wsa/server-side/information-disclosure/index.md) - [如何发现并利用信息泄露漏洞](https://web-sec.gitbook.io/wsa/server-side/information-disclosure/exploiting.md) - [访问控制](https://web-sec.gitbook.io/wsa/server-side/access-control.md) - [访问控制漏洞与权限提升](https://web-sec.gitbook.io/wsa/server-side/access-control/index.md) - [不安全的直接对象引用(IDOR)](https://web-sec.gitbook.io/wsa/server-side/access-control/idor.md) - [访问控制安全模型](https://web-sec.gitbook.io/wsa/server-side/access-control/security-models.md) - [文件上传漏洞](https://web-sec.gitbook.io/wsa/server-side/file-upload.md) - [文件上传漏洞](https://web-sec.gitbook.io/wsa/server-side/file-upload/index.md) - [条件竞争](https://web-sec.gitbook.io/wsa/server-side/race-conditions.md) - [条件竞争](https://web-sec.gitbook.io/wsa/server-side/race-conditions/index.md) - [服务器端请求伪造(SSRF)](https://web-sec.gitbook.io/wsa/server-side/ssrf.md) - [服务器端请求伪造(SSRF)](https://web-sec.gitbook.io/wsa/server-side/ssrf/index.md) - [盲SSRF漏洞](https://web-sec.gitbook.io/wsa/server-side/ssrf/blind.md) - [XXE注入](https://web-sec.gitbook.io/wsa/server-side/xxe.md) - [XML外部实体(XXE)注入](https://web-sec.gitbook.io/wsa/server-side/xxe/index.md) - [XML实体](https://web-sec.gitbook.io/wsa/server-side/xxe/xml-entities.md) - [发现并利用盲XXE漏洞](https://web-sec.gitbook.io/wsa/server-side/xxe/blind.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://web-sec.gitbook.io/wsa/server-side.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.