diff --git a/docs/path-traversal/Attachments/DT-Lab1-1.png b/docs/path-traversal/Attachments/DT-Lab1-1.png new file mode 100644 index 0000000..2d4f190 Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab1-1.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab1-2-1.png b/docs/path-traversal/Attachments/DT-Lab1-2-1.png new file mode 100644 index 0000000..3336c1a Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab1-2-1.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab1-2-2.png b/docs/path-traversal/Attachments/DT-Lab1-2-2.png new file mode 100644 index 0000000..8586c85 Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab1-2-2.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab1-2-3.png b/docs/path-traversal/Attachments/DT-Lab1-2-3.png new file mode 100644 index 0000000..a218a01 Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab1-2-3.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab1-3-1.png b/docs/path-traversal/Attachments/DT-Lab1-3-1.png new file mode 100644 index 0000000..b806d45 Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab1-3-1.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab1-3-2.png b/docs/path-traversal/Attachments/DT-Lab1-3-2.png new file mode 100644 index 0000000..7f2bc50 Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab1-3-2.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab1-4.png b/docs/path-traversal/Attachments/DT-Lab1-4.png new file mode 100644 index 0000000..24bb87d Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab1-4.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab2-1.png b/docs/path-traversal/Attachments/DT-Lab2-1.png new file mode 100644 index 0000000..62a3a33 Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab2-1.png differ 
diff --git a/docs/path-traversal/Attachments/DT-Lab2-2.png b/docs/path-traversal/Attachments/DT-Lab2-2.png new file mode 100644 index 0000000..cab3a2b Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab2-2.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab2-3.png b/docs/path-traversal/Attachments/DT-Lab2-3.png new file mode 100644 index 0000000..4b512e4 Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab2-3.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab2-4.png b/docs/path-traversal/Attachments/DT-Lab2-4.png new file mode 100644 index 0000000..5cdfed2 Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab2-4.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab2-5-1.png b/docs/path-traversal/Attachments/DT-Lab2-5-1.png new file mode 100644 index 0000000..e052fcb Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab2-5-1.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab2-5-2.png b/docs/path-traversal/Attachments/DT-Lab2-5-2.png new file mode 100644 index 0000000..231834a Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab2-5-2.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab2-5.png b/docs/path-traversal/Attachments/DT-Lab2-5.png new file mode 100644 index 0000000..55618db Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab2-5.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab3-1.png b/docs/path-traversal/Attachments/DT-Lab3-1.png new file mode 100644 index 0000000..c7f5c0d Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab3-1.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab3-2.png b/docs/path-traversal/Attachments/DT-Lab3-2.png new file mode 100644 index 0000000..1ffd296 Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab3-2.png differ 
diff --git a/docs/path-traversal/Attachments/DT-Lab3-3-1.png b/docs/path-traversal/Attachments/DT-Lab3-3-1.png new file mode 100644 index 0000000..942ac2d Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab3-3-1.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab3-3.png b/docs/path-traversal/Attachments/DT-Lab3-3.png new file mode 100644 index 0000000..26d157d Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab3-3.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab3-4.png b/docs/path-traversal/Attachments/DT-Lab3-4.png new file mode 100644 index 0000000..90b7b7f Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab3-4.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab3-5-1.png b/docs/path-traversal/Attachments/DT-Lab3-5-1.png new file mode 100644 index 0000000..15a2634 Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab3-5-1.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab3-5-2.png b/docs/path-traversal/Attachments/DT-Lab3-5-2.png new file mode 100644 index 0000000..9281763 Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab3-5-2.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab3-5.png b/docs/path-traversal/Attachments/DT-Lab3-5.png new file mode 100644 index 0000000..114990a Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab3-5.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab4-1.png b/docs/path-traversal/Attachments/DT-Lab4-1.png new file mode 100644 index 0000000..3c1a19c Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab4-1.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab4-2.png b/docs/path-traversal/Attachments/DT-Lab4-2.png new file mode 100644 index 0000000..5fdff04 Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab4-2.png differ 
diff --git a/docs/path-traversal/Attachments/DT-Lab4-3.png b/docs/path-traversal/Attachments/DT-Lab4-3.png new file mode 100644 index 0000000..199ec6c Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab4-3.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab4-4.png b/docs/path-traversal/Attachments/DT-Lab4-4.png new file mode 100644 index 0000000..c50fa45 Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab4-4.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab4-5.png b/docs/path-traversal/Attachments/DT-Lab4-5.png new file mode 100644 index 0000000..78960b5 Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab4-5.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab4-6.png b/docs/path-traversal/Attachments/DT-Lab4-6.png new file mode 100644 index 0000000..3888c39 Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab4-6.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab4-7.png b/docs/path-traversal/Attachments/DT-Lab4-7.png new file mode 100644 index 0000000..6f84581 Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab4-7.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab4-8.png b/docs/path-traversal/Attachments/DT-Lab4-8.png new file mode 100644 index 0000000..988aeb1 Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab4-8.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab5-1.png b/docs/path-traversal/Attachments/DT-Lab5-1.png new file mode 100644 index 0000000..3784c80 Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab5-1.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab5-2.png b/docs/path-traversal/Attachments/DT-Lab5-2.png new file mode 100644 index 0000000..5601a84 Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab5-2.png differ 
diff --git a/docs/path-traversal/Attachments/DT-Lab5-3.png b/docs/path-traversal/Attachments/DT-Lab5-3.png new file mode 100644 index 0000000..3758a84 Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab5-3.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab5-4.png b/docs/path-traversal/Attachments/DT-Lab5-4.png new file mode 100644 index 0000000..7b419a3 Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab5-4.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab6-1.png b/docs/path-traversal/Attachments/DT-Lab6-1.png new file mode 100644 index 0000000..5ac0c27 Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab6-1.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab6-2.png b/docs/path-traversal/Attachments/DT-Lab6-2.png new file mode 100644 index 0000000..9bf325e Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab6-2.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab6-3.png b/docs/path-traversal/Attachments/DT-Lab6-3.png new file mode 100644 index 0000000..d8770ab Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab6-3.png differ diff --git a/docs/path-traversal/Attachments/DT-Lab6-4.png b/docs/path-traversal/Attachments/DT-Lab6-4.png new file mode 100644 index 0000000..3fbba61 Binary files /dev/null and b/docs/path-traversal/Attachments/DT-Lab6-4.png differ diff --git a/docs/path-traversal/Attachments/directory-traversal-1.png b/docs/path-traversal/Attachments/directory-traversal-1.png new file mode 100644 index 0000000..a4e7199 Binary files /dev/null and b/docs/path-traversal/Attachments/directory-traversal-1.png differ diff --git a/docs/path-traversal/Attachments/directory-traversal-2.png b/docs/path-traversal/Attachments/directory-traversal-2.png new file mode 100644 index 0000000..3187bd1 Binary files /dev/null and b/docs/path-traversal/Attachments/directory-traversal-2.png differ 
diff --git a/docs/path-traversal/Attachments/portswigger-directory-traversal.png b/docs/path-traversal/Attachments/portswigger-directory-traversal.png new file mode 100644 index 0000000..3c59e50 Binary files /dev/null and b/docs/path-traversal/Attachments/portswigger-directory-traversal.png differ diff --git a/docs/path-traversal/Directory Traversal.md b/docs/path-traversal/Directory Traversal.md new file mode 100644 index 0000000..516a2aa --- /dev/null +++ b/docs/path-traversal/Directory Traversal.md 
@@ -0,0 +1,266 @@ +# Directory Traversal in Detail +![image](./Attachments/portswigger-directory-traversal.png) +## What is Directory Traversal? +Directory Traversal/Path Traversal is a web app security vulnerability which allows an attacker to read the files available on the system which is running the application. This file can be anything like the application's code and data, user's database, login credentials, sensitive information files, etc. In some cases, the attacker might be able to write arbitrary files on the server allowing modification of any data which can lead to full control of the system. + +### Reading Arbitrary Files via Directory Traversal +Suppose a shopping application loads a file from the system/server to display it to us and the filename is passed as a parameter to the application. It work's something like this: +```html + +``` + +The `loadImage` URL takes the name of a file i.e. `filename` as a parameter and displays it to the end user. + +Let's suppose that the images for the website are stored at `/var/www/staic/images`. To return an image specified in the URL using the `filename`, the filename is appended to the path. i.e. the path for the image becomes: `/var/www/static/images/guitar.png` + +If the application doesn't implement secure code against directory traversal attacks, the attacker can perform the attack to read arbitrary files on the system/server. + +Suppose the attacker makes the requests for the URL +``` +https://website.com/loadImage?filename=../../../../../etc/passwd +``` + +This makes the application retrieve the file which is at: +``` +/var/www/static/images/../../../../../etc/passwd +``` + +And if you've worked with directories before, you would understand what the attacker is trying to do using the `../` . And if you're not sure, the `../` is used to go to the parent directory of the current directory. So, when `../` is used multiple times +![image](./Attachments/directory-traversal-1.png) +As you can see above. 
It goes to the parent directory + +Loading the file `/var/www/static/images/../../../../../etc/passwd` would result in: +![image](./Attachments/directory-traversal-2.png) + +The `../../../../..` takes the system to the root directory. And the `/etc/passwd` file is used to keep track of every registered user that has access to a system. + +The `/etc/passwd` file is a standard file on Unix type systems which stores essential information required during login. In other words, it stores user account information. The `/etc/passwd` is a plain text file. It contains a list of the system’s accounts, giving for each account some useful information like user ID, group ID, home directory, shell, and more. + +For directory traversal attacks on windows files, you can try retrieving the `C:/Windows/win.ini` or `C:/Windows/system.ini` file while checking for directory traversal attacks. +![image](./Attachments/Pasted image 20230625100936.png) +*The above files are from the **Windows Drive*** + + + +#### [Directory Traversal Lab 1 - File path traversal, simple case](https://portswigger.net/web-security/file-path-traversal/lab-simple) + +Description of Lab: +``` +This lab contains a file path traversal vulnerability in the display of product images. + +To solve the lab, retrieve the contents of the /etc/passwd file. +``` + +1. Access the Lab. +![image](./Attachments/DT-Lab1-1.png) +2. We will now look for parameters where we can try performing Directory Traversal Attacks. +![image](./Attachments/DT-Lab1-2-1.png) +The `productid` parameter. +![image](./Attachments/DT-Lab1-2-2.png) +Let's now look at how the file is retrieved. + +![image](./Attachments/DT-Lab1-2-3.png) + +3. Let's now try the first parameter. the `productId` +![image](./Attachments/DT-Lab1-3-1.png) + +Now let's try the filename parameter. +![image](./Attachments/DT-Lab1-3-2.png) + +4. And we're done solving the lab. 
+![image](./Attachments/DT-Lab1-4.png) + + + +### Common obstacles to exploit file path traversal vulnerabilities +This section discusses the attacks against common implementation of defence mechanisms against path traversal attacks in file retrieval applications. It acknowledges that despite these defences, there are still ways to bypass them. The paragraph emphasises the importance of practical exercises and lab-solving to explore and understand the techniques used to overcome these defence methods. By gaining insights from these activities, developers can improve the security of file retrieval applications and protect against path traversal attacks. + +#### [Directory Traversal Lab 2 - File path traversal, traversal sequences blocked with absolute path bypass](https://portswigger.net/web-security/file-path-traversal/lab-absolute-path-bypass) + +Description of Lab: +``` +This lab contains a file path traversal vulnerability in the display of product images. + +The application blocks traversal sequences but treats the supplied filename as being relative to a default working directory. + +To solve the lab, retrieve the contents of the /etc/passwd file. +``` + +1. Access the lab. +![image](./Attachments/DT-Lab2-1.png) + +2. Right click on the image and open the image in a new tab. +![image](./Attachments/DT-Lab2-2.png) + +3. Try injecting the URL for exploiting directory traversal. +![image](./Attachments/DT-Lab2-3.png) +We first try a retrieving a random file just to check the response of the attack. It clearly states: *No such file* + +4. Let's now try retrieving the `/etc/passwd` file. +![image](./Attachments/DT-Lab2-4.png) +And we can see a result which is different than the previous result. Seeing this we can conclude that we were successful in performing directory traversal attack. + +5. And we successfully solved the lab. +![image](./Attachments/DT-Lab2-5.png) + +In the same lab when we try `./54.jpg`, we don't get an error. 
+![image](./Attachments/DT-Lab2-5-1.png) + +But when we try directory traversal using `../images/54.jpg`, we get the error **No such file**. +![image](./Attachments/DT-Lab2-5-2.png) + +By this we can conclude that either the directory name isn't images or the application is programmed such that when it gets a `../` sequence, it will throw an error. + + + +#### [Directory Traversal Lab 3 - File path traversal, traversal sequences stripped non-recursively](https://portswigger.net/web-security/file-path-traversal/lab-sequences-stripped-non-recursively) + +Description of Lab: +``` +This lab contains a file path traversal vulnerability in the display of product images. + +The application strips path traversal sequences from the user-supplied filename before using it. + +To solve the lab, retrieve the contents of the /etc/passwd file. +``` + +1. Access the lab. +![image](./Attachments/DT-Lab3-1.png) + +2. Let's again open one of the images in a new tab. +![image](./Attachments/DT-Lab3-2.png) + +3. Let's now try the previous directory traversal methods. +![image](./Attachments/DT-Lab3-3.png) +The first one didn't work. + +![image](./Attachments/DT-Lab3-3-1.png) +The second one didn't work too. So, we need to try something new. + +4. The payload we tried is `....//....//....//....//....//....//etc/passwd` and we are successful. +![image](./Attachments/DT-Lab3-4.png) + +5. We successfully solved the lab. +![image](./Attachments/DT-Lab3-5.png) + +**Now let's try to figure out what's happening in the back-end.** + + +The payload `../../8.jpg` didn't work. This means that either we weren't able to go to the parent directory or the image is in the root directory which most probably isn't the case. +![image](./Attachments/DT-Lab3-5-1.png) +So, it might be that the actual parameter that loaded the image somehow became `8.jpg` or `././8.jpg`. In the first case, the application must be programmed as `replace('../','')` to remove the going to parent directory action. 
And in the second case, the program might be programmed as `replace('../','./')` to change the parent directory to the current directory. Which is the reason why the image still loads. + +Here the payload `.../../8.jpg` caused an error successfully. This means that either one of the two happened and the effective filename became either `.8.jpg` or `.././8.jpg`. In both cases, file wont be found as there doesn't exit a file `.8.jpg` in the current directory and `8.jpg` in the parent directory. +![image](./Attachments/DT-Lab3-5-2.png) + +So, this explains why our payload `....//....//....//....//....//....//etc/passwd` worked. It must've translated to an effective filename which is either `../../../../../../etc/passwd`. As the other effective filename i.e. : `...//...//...//...//...//...//etc/passwd` isn't valid. + + + +#### [Directory Traversal Lab 4 - File path traversal, traversal sequences stripped with superfluous URL-decode](https://portswigger.net/web-security/file-path-traversal/lab-superfluous-url-decode) + +Description of Lab: +``` +This lab contains a file path traversal vulnerability in the display of product images. + +The application blocks input containing path traversal sequences. It then performs a URL-decode of the input before using it. + +To solve the lab, retrieve the contents of the /etc/passwd file. +``` + +1. Access the lab. +![image](./Attachments/DT-Lab4-1.png) + +2. Open any image in a new tab. +![image](./Attachments/DT-Lab4-2.png) + +3. Let's try our basic directory traversal attack. +![image](./Attachments/DT-Lab4-3.png) +It didn't work. + +4. Let's now try encoding the payload for bypassing the sanitization technique. +![image](./Attachments/DT-Lab4-4.png) +Here's the URL encoded payload. + +5. The payload didn't work. +![image](./Attachments/DT-Lab4-5.png) + +6. Now let's again URL encode the payload. +![image](./Attachments/DT-Lab4-6.png) +Now the % will be converted to \%25 + +7. 
Here we can see that we didn't get a `No such file` error, This means that we were successful in performing directory traversal attack. +![image](./Attachments/DT-Lab4-7.png) + +8. And we're done solving the lab. +![image](./Attachments/DT-Lab4-8.png) + + + +#### [Directory Traversal Lab 5 - File path traversal, validation of start of path](https://portswigger.net/web-security/file-path-traversal/lab-validate-start-of-path) + +Description of Lab: +``` +This lab contains a file path traversal vulnerability in the display of product images. + +The application transmits the full file path via a request parameter, and validates that the supplied path starts with the expected folder. + +To solve the lab, retrieve the contents of the /etc/passwd file. +``` + +1. Access the lab. +![image](./Attachments/DT-Lab5-1.png) + +2. Open the Image in a new tab and let's look at the URL. +![image](./Attachments/DT-Lab5-2.png) +We can see that the URL starts with `/var/www/images`, We can try appending `/../../../etc/passwd` in front of the `images` part of the URL. + +3. It worked. We were successful in performing a Directory Traversal attack. +![image](./Attachments/DT-Lab5-3.png) + +4. And now we're done with the lab. +![image](./Attachments/DT-Lab5-4.png) + + + +#### [Directory Traversal Lab 6 - File path traversal, validation of file extension with null byte bypass](https://portswigger.net/web-security/file-path-traversal/lab-validate-file-extension-null-byte-bypass) + +Description of Lab: +``` +This lab contains a file path traversal vulnerability in the display of product images. + +The application validates that the supplied filename ends with the expected file extension. + +To solve the lab, retrieve the contents of the /etc/passwd file. +``` + +1. Access the lab. +![image](./Attachments/DT-Lab6-1.png) + +2. Open any image from the webpage in a new tab. +![image](./Attachments/DT-Lab6-2.png) +Let's now try appending null character and file extension to the URL. + +3. 
And we here don't get a `No such file` error. That means we were successful performing Directory Traversal attack. +![image](./Attachments/DT-Lab6-3.png) + +4. And we've solved all the directory traversal labs. +![image](./Attachments/DT-Lab6-4.png) + + + +### Summary +``` +The text provides a detailed explanation of directory traversal, which is a web application security vulnerability that enables attackers to access and read files on the server. It starts by describing the nature of directory traversal, noting that it allows unauthorized users to retrieve various types of sensitive files, including application code, user databases, login credentials, and other confidential information. + +The text then presents a practical example to illustrate how directory traversal attacks can occur. It describes a scenario where a shopping application retrieves and displays images based on a user-supplied filename parameter. By manipulating this parameter, an attacker can inject directory traversal sequences and traverse the file system to access unauthorized files. The example demonstrates how the attacker crafts a request by appending "../" sequences to reach higher-level directories and ultimately retrieve the "/etc/passwd" file, which contains user account information. + +Furthermore, the text discusses the specific vulnerabilities associated with directory traversal attacks on both Unix-based and Windows systems. It mentions the retrieval of sensitive files like "C:/Windows/win.ini" and "C:/Windows/system.ini" on Windows, highlighting the importance of considering platform-specific vulnerabilities in securing file retrieval applications. + +The text also includes a series of lab scenarios that allow readers to explore different defenses against directory traversal attacks. Each lab presents a specific challenge where the application implements a defense mechanism to mitigate directory traversal vulnerabilities. 
However, the labs also demonstrate various techniques to bypass these defenses and successfully retrieve the "/etc/passwd" file. + +The labs cover different scenarios, including cases where traversal sequences are blocked, where traversal sequences are stripped non-recursively, where traversal sequences are stripped with superfluous URL decoding, where the start of the path is validated, and where file extension validation is employed. By solving these labs, readers can gain hands-on experience and insight into the vulnerabilities and countermeasures associated with directory traversal attacks. + +Overall, the text provides a comprehensive overview of directory traversal vulnerabilities, explains how attackers can exploit them, and offers practical exercises to understand and overcome defense mechanisms. It highlights the importance of testing and securing file retrieval applications to prevent unauthorized access to sensitive files on the server. +``` + diff --git a/docs/path-traversal/_category_.json b/docs/path-traversal/_category_.json new file mode 100644 index 0000000..76f2542 --- /dev/null +++ b/docs/path-traversal/_category_.json @@ -0,0 +1,4 @@ + { + "label": "Path Traversal", + "position": 11 + } diff --git a/docs/sql-injection/Attachments/SQL-Intro.png b/docs/sql-injection/Attachments/SQL-Intro.png new file mode 100644 index 0000000..a70d2cf Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Intro.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab1-1.png b/docs/sql-injection/Attachments/SQL-Lab1-1.png new file mode 100644 index 0000000..1557f7a Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab1-1.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab1-2.png b/docs/sql-injection/Attachments/SQL-Lab1-2.png new file mode 100644 index 0000000..278afbf Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab1-2.png differ 
diff --git a/docs/sql-injection/Attachments/SQL-Lab1-3.png b/docs/sql-injection/Attachments/SQL-Lab1-3.png new file mode 100644 index 0000000..09767f7 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab1-3.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab1-4.png b/docs/sql-injection/Attachments/SQL-Lab1-4.png new file mode 100644 index 0000000..56bca16 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab1-4.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab10-1.png b/docs/sql-injection/Attachments/SQL-Lab10-1.png new file mode 100644 index 0000000..2728138 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab10-1.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab10-2.png b/docs/sql-injection/Attachments/SQL-Lab10-2.png new file mode 100644 index 0000000..1ebd9ad Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab10-2.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab10-3.png b/docs/sql-injection/Attachments/SQL-Lab10-3.png new file mode 100644 index 0000000..e1d48ae Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab10-3.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab10-4.png b/docs/sql-injection/Attachments/SQL-Lab10-4.png new file mode 100644 index 0000000..989d972 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab10-4.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab10-5.png b/docs/sql-injection/Attachments/SQL-Lab10-5.png new file mode 100644 index 0000000..634beb5 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab10-5.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab10-6.png b/docs/sql-injection/Attachments/SQL-Lab10-6.png new file mode 100644 index 0000000..d5ec8e8 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab10-6.png differ 
diff --git a/docs/sql-injection/Attachments/SQL-Lab10-7.png b/docs/sql-injection/Attachments/SQL-Lab10-7.png new file mode 100644 index 0000000..6a8e81f Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab10-7.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab10-8.png b/docs/sql-injection/Attachments/SQL-Lab10-8.png new file mode 100644 index 0000000..96c4d4c Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab10-8.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab10-9.png b/docs/sql-injection/Attachments/SQL-Lab10-9.png new file mode 100644 index 0000000..2a33e6c Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab10-9.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab11-1.png b/docs/sql-injection/Attachments/SQL-Lab11-1.png new file mode 100644 index 0000000..d3e5c0b Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab11-1.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab11-10.png b/docs/sql-injection/Attachments/SQL-Lab11-10.png new file mode 100644 index 0000000..9d787bd Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab11-10.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab11-11.png b/docs/sql-injection/Attachments/SQL-Lab11-11.png new file mode 100644 index 0000000..bb43718 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab11-11.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab11-12.png b/docs/sql-injection/Attachments/SQL-Lab11-12.png new file mode 100644 index 0000000..b4673c8 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab11-12.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab11-13.png b/docs/sql-injection/Attachments/SQL-Lab11-13.png new file mode 100644 index 0000000..76f8882 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab11-13.png differ 
diff --git a/docs/sql-injection/Attachments/SQL-Lab11-14.png b/docs/sql-injection/Attachments/SQL-Lab11-14.png new file mode 100644 index 0000000..001a973 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab11-14.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab11-15.png b/docs/sql-injection/Attachments/SQL-Lab11-15.png new file mode 100644 index 0000000..f2f9e98 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab11-15.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab11-16.png b/docs/sql-injection/Attachments/SQL-Lab11-16.png new file mode 100644 index 0000000..ac95a07 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab11-16.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab11-17.png b/docs/sql-injection/Attachments/SQL-Lab11-17.png new file mode 100644 index 0000000..0f1fa45 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab11-17.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab11-18.png b/docs/sql-injection/Attachments/SQL-Lab11-18.png new file mode 100644 index 0000000..cd4b70f Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab11-18.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab11-19.png b/docs/sql-injection/Attachments/SQL-Lab11-19.png new file mode 100644 index 0000000..df8718d Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab11-19.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab11-2.png b/docs/sql-injection/Attachments/SQL-Lab11-2.png new file mode 100644 index 0000000..b06942b Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab11-2.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab11-20.png b/docs/sql-injection/Attachments/SQL-Lab11-20.png new file mode 100644 index 0000000..431f50a Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab11-20.png differ 
diff --git a/docs/sql-injection/Attachments/SQL-Lab11-21.png b/docs/sql-injection/Attachments/SQL-Lab11-21.png new file mode 100644 index 0000000..a56c4e7 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab11-21.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab11-22.png b/docs/sql-injection/Attachments/SQL-Lab11-22.png new file mode 100644 index 0000000..9267060 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab11-22.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab11-3.png b/docs/sql-injection/Attachments/SQL-Lab11-3.png new file mode 100644 index 0000000..b63b804 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab11-3.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab11-4.png b/docs/sql-injection/Attachments/SQL-Lab11-4.png new file mode 100644 index 0000000..25c14c6 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab11-4.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab11-5.png b/docs/sql-injection/Attachments/SQL-Lab11-5.png new file mode 100644 index 0000000..feb3164 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab11-5.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab11-6.png b/docs/sql-injection/Attachments/SQL-Lab11-6.png new file mode 100644 index 0000000..e8434d8 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab11-6.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab11-7.png b/docs/sql-injection/Attachments/SQL-Lab11-7.png new file mode 100644 index 0000000..e9ac14b Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab11-7.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab11-8.png b/docs/sql-injection/Attachments/SQL-Lab11-8.png new file mode 100644 index 0000000..5050150 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab11-8.png differ 
diff --git a/docs/sql-injection/Attachments/SQL-Lab11-9.png b/docs/sql-injection/Attachments/SQL-Lab11-9.png new file mode 100644 index 0000000..7ba36ee Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab11-9.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab12-1.png b/docs/sql-injection/Attachments/SQL-Lab12-1.png new file mode 100644 index 0000000..05aa0c2 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab12-1.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab12-10.png b/docs/sql-injection/Attachments/SQL-Lab12-10.png new file mode 100644 index 0000000..7c30c52 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab12-10.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab12-11.png b/docs/sql-injection/Attachments/SQL-Lab12-11.png new file mode 100644 index 0000000..27d64e8 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab12-11.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab12-12.png b/docs/sql-injection/Attachments/SQL-Lab12-12.png new file mode 100644 index 0000000..c1970e3 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab12-12.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab12-13.png b/docs/sql-injection/Attachments/SQL-Lab12-13.png new file mode 100644 index 0000000..170ab64 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab12-13.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab12-14.png b/docs/sql-injection/Attachments/SQL-Lab12-14.png new file mode 100644 index 0000000..58e0f87 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab12-14.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab12-15.png b/docs/sql-injection/Attachments/SQL-Lab12-15.png new file mode 100644 index 0000000..6e9975c Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab12-15.png differ 
diff --git a/docs/sql-injection/Attachments/SQL-Lab12-16.png b/docs/sql-injection/Attachments/SQL-Lab12-16.png new file mode 100644 index 0000000..b4dda99 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab12-16.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab12-17.png b/docs/sql-injection/Attachments/SQL-Lab12-17.png new file mode 100644 index 0000000..64fd452 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab12-17.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab12-18.png b/docs/sql-injection/Attachments/SQL-Lab12-18.png new file mode 100644 index 0000000..6fafdd6 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab12-18.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab12-2.png b/docs/sql-injection/Attachments/SQL-Lab12-2.png new file mode 100644 index 0000000..425a0c7 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab12-2.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab12-3.png b/docs/sql-injection/Attachments/SQL-Lab12-3.png new file mode 100644 index 0000000..217860c Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab12-3.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab12-4.png b/docs/sql-injection/Attachments/SQL-Lab12-4.png new file mode 100644 index 0000000..d401d04 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab12-4.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab12-5.png b/docs/sql-injection/Attachments/SQL-Lab12-5.png new file mode 100644 index 0000000..d577af5 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab12-5.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab12-6.png b/docs/sql-injection/Attachments/SQL-Lab12-6.png new file mode 100644 index 0000000..de351c7 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab12-6.png differ 
diff --git a/docs/sql-injection/Attachments/SQL-Lab12-7.png b/docs/sql-injection/Attachments/SQL-Lab12-7.png new file mode 100644 index 0000000..b5775c4 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab12-7.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab12-8.png b/docs/sql-injection/Attachments/SQL-Lab12-8.png new file mode 100644 index 0000000..d04e257 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab12-8.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab12-9.png b/docs/sql-injection/Attachments/SQL-Lab12-9.png new file mode 100644 index 0000000..33fc6a4 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab12-9.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab13-1.png b/docs/sql-injection/Attachments/SQL-Lab13-1.png new file mode 100644 index 0000000..dce869c Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab13-1.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab13-2.png b/docs/sql-injection/Attachments/SQL-Lab13-2.png new file mode 100644 index 0000000..b2bd3b0 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab13-2.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab13-3.png b/docs/sql-injection/Attachments/SQL-Lab13-3.png new file mode 100644 index 0000000..3f10eca Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab13-3.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab13-4.png b/docs/sql-injection/Attachments/SQL-Lab13-4.png new file mode 100644 index 0000000..e4c9d03 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab13-4.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab13-5.png b/docs/sql-injection/Attachments/SQL-Lab13-5.png new file mode 100644 index 0000000..3928a84 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab13-5.png differ 
diff --git a/docs/sql-injection/Attachments/SQL-Lab13-6.png b/docs/sql-injection/Attachments/SQL-Lab13-6.png new file mode 100644 index 0000000..cb5becc Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab13-6.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab13-7.png b/docs/sql-injection/Attachments/SQL-Lab13-7.png new file mode 100644 index 0000000..1e5b485 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab13-7.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab13-8.png b/docs/sql-injection/Attachments/SQL-Lab13-8.png new file mode 100644 index 0000000..8478b82 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab13-8.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab13-9.png b/docs/sql-injection/Attachments/SQL-Lab13-9.png new file mode 100644 index 0000000..260d3eb Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab13-9.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab14-1.png b/docs/sql-injection/Attachments/SQL-Lab14-1.png new file mode 100644 index 0000000..6b6174b Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab14-1.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab14-10.png b/docs/sql-injection/Attachments/SQL-Lab14-10.png new file mode 100644 index 0000000..93137e0 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab14-10.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab14-11.png b/docs/sql-injection/Attachments/SQL-Lab14-11.png new file mode 100644 index 0000000..d077aa2 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab14-11.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab14-12.png b/docs/sql-injection/Attachments/SQL-Lab14-12.png new file mode 100644 index 0000000..2906188 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab14-12.png differ 
diff --git a/docs/sql-injection/Attachments/SQL-Lab14-13.png b/docs/sql-injection/Attachments/SQL-Lab14-13.png new file mode 100644 index 0000000..b909e96 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab14-13.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab14-14-1.png b/docs/sql-injection/Attachments/SQL-Lab14-14-1.png new file mode 100644 index 0000000..ccd2b29 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab14-14-1.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab14-2.png b/docs/sql-injection/Attachments/SQL-Lab14-2.png new file mode 100644 index 0000000..fa17d6b Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab14-2.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab14-3.png b/docs/sql-injection/Attachments/SQL-Lab14-3.png new file mode 100644 index 0000000..de1069e Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab14-3.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab14-32.png b/docs/sql-injection/Attachments/SQL-Lab14-32.png new file mode 100644 index 0000000..ccd2b29 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab14-32.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab14-4.png b/docs/sql-injection/Attachments/SQL-Lab14-4.png new file mode 100644 index 0000000..d1bc2b8 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab14-4.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab14-5.png b/docs/sql-injection/Attachments/SQL-Lab14-5.png new file mode 100644 index 0000000..1bea4d8 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab14-5.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab14-6.png b/docs/sql-injection/Attachments/SQL-Lab14-6.png new file mode 100644 index 0000000..bc6a571 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab14-6.png differ 
diff --git a/docs/sql-injection/Attachments/SQL-Lab14-7.png b/docs/sql-injection/Attachments/SQL-Lab14-7.png new file mode 100644 index 0000000..c09b449 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab14-7.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab14-8.png b/docs/sql-injection/Attachments/SQL-Lab14-8.png new file mode 100644 index 0000000..06f63c3 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab14-8.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab14-9.png b/docs/sql-injection/Attachments/SQL-Lab14-9.png new file mode 100644 index 0000000..bd53fa2 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab14-9.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab2-1.png b/docs/sql-injection/Attachments/SQL-Lab2-1.png new file mode 100644 index 0000000..b82358d Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab2-1.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab2-2.png b/docs/sql-injection/Attachments/SQL-Lab2-2.png new file mode 100644 index 0000000..edefee9 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab2-2.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab2-3.png b/docs/sql-injection/Attachments/SQL-Lab2-3.png new file mode 100644 index 0000000..8ef6b7a Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab2-3.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab2-4.png b/docs/sql-injection/Attachments/SQL-Lab2-4.png new file mode 100644 index 0000000..7edf068 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab2-4.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab3-1.png b/docs/sql-injection/Attachments/SQL-Lab3-1.png new file mode 100644 index 0000000..2b58669 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab3-1.png differ 
diff --git a/docs/sql-injection/Attachments/SQL-Lab3-2.png b/docs/sql-injection/Attachments/SQL-Lab3-2.png new file mode 100644 index 0000000..d0e2c09 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab3-2.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab3-3.png b/docs/sql-injection/Attachments/SQL-Lab3-3.png new file mode 100644 index 0000000..d3fc54c Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab3-3.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab3-4.png b/docs/sql-injection/Attachments/SQL-Lab3-4.png new file mode 100644 index 0000000..7ba6c4e Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab3-4.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab3-5.png b/docs/sql-injection/Attachments/SQL-Lab3-5.png new file mode 100644 index 0000000..dc26bb0 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab3-5.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab3-6.png b/docs/sql-injection/Attachments/SQL-Lab3-6.png new file mode 100644 index 0000000..2ae49e0 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab3-6.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab3-7.png b/docs/sql-injection/Attachments/SQL-Lab3-7.png new file mode 100644 index 0000000..f043234 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab3-7.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab4-1.png b/docs/sql-injection/Attachments/SQL-Lab4-1.png new file mode 100644 index 0000000..a2c85ba Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab4-1.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab4-2.png b/docs/sql-injection/Attachments/SQL-Lab4-2.png new file mode 100644 index 0000000..26cc0a8 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab4-2.png differ 
diff --git a/docs/sql-injection/Attachments/SQL-Lab4-3.png b/docs/sql-injection/Attachments/SQL-Lab4-3.png new file mode 100644 index 0000000..14b6cf0 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab4-3.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab4-4.png b/docs/sql-injection/Attachments/SQL-Lab4-4.png new file mode 100644 index 0000000..b9518af Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab4-4.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab4-5.png b/docs/sql-injection/Attachments/SQL-Lab4-5.png new file mode 100644 index 0000000..4cce11d Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab4-5.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab4-6.png b/docs/sql-injection/Attachments/SQL-Lab4-6.png new file mode 100644 index 0000000..afbf995 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab4-6.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab4-7.png b/docs/sql-injection/Attachments/SQL-Lab4-7.png new file mode 100644 index 0000000..f4beca0 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab4-7.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab4-8.png b/docs/sql-injection/Attachments/SQL-Lab4-8.png new file mode 100644 index 0000000..214e026 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab4-8.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab5-1.png b/docs/sql-injection/Attachments/SQL-Lab5-1.png new file mode 100644 index 0000000..df06d10 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab5-1.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab5-2.png b/docs/sql-injection/Attachments/SQL-Lab5-2.png new file mode 100644 index 0000000..fcecf6a Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab5-2.png differ 
diff --git a/docs/sql-injection/Attachments/SQL-Lab5-3.png b/docs/sql-injection/Attachments/SQL-Lab5-3.png new file mode 100644 index 0000000..ad8a100 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab5-3.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab5-4.png b/docs/sql-injection/Attachments/SQL-Lab5-4.png new file mode 100644 index 0000000..88108a9 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab5-4.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab5-5.png b/docs/sql-injection/Attachments/SQL-Lab5-5.png new file mode 100644 index 0000000..145ad5a Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab5-5.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab5-6.png b/docs/sql-injection/Attachments/SQL-Lab5-6.png new file mode 100644 index 0000000..de95e92 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab5-6.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab6-1.png b/docs/sql-injection/Attachments/SQL-Lab6-1.png new file mode 100644 index 0000000..b5e1770 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab6-1.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab6-2.png b/docs/sql-injection/Attachments/SQL-Lab6-2.png new file mode 100644 index 0000000..4e06e25 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab6-2.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab6-3.png b/docs/sql-injection/Attachments/SQL-Lab6-3.png new file mode 100644 index 0000000..a345839 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab6-3.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab6-4.png b/docs/sql-injection/Attachments/SQL-Lab6-4.png new file mode 100644 index 0000000..81e89bd Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab6-4.png differ 
diff --git a/docs/sql-injection/Attachments/SQL-Lab6-5.png b/docs/sql-injection/Attachments/SQL-Lab6-5.png new file mode 100644 index 0000000..5fa1a8c Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab6-5.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab6-6.png b/docs/sql-injection/Attachments/SQL-Lab6-6.png new file mode 100644 index 0000000..949ce75 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab6-6.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab7-1.png b/docs/sql-injection/Attachments/SQL-Lab7-1.png new file mode 100644 index 0000000..e5afabf Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab7-1.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab7-2.png b/docs/sql-injection/Attachments/SQL-Lab7-2.png new file mode 100644 index 0000000..1c0d4dc Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab7-2.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab7-3.png b/docs/sql-injection/Attachments/SQL-Lab7-3.png new file mode 100644 index 0000000..89ab7b6 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab7-3.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab7-4.png b/docs/sql-injection/Attachments/SQL-Lab7-4.png new file mode 100644 index 0000000..49ff30c Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab7-4.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab7-5.png b/docs/sql-injection/Attachments/SQL-Lab7-5.png new file mode 100644 index 0000000..31ff44b Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab7-5.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab7-6.png b/docs/sql-injection/Attachments/SQL-Lab7-6.png new file mode 100644 index 0000000..3531259 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab7-6.png differ 
diff --git a/docs/sql-injection/Attachments/SQL-Lab7-7.png b/docs/sql-injection/Attachments/SQL-Lab7-7.png new file mode 100644 index 0000000..7c55cb7 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab7-7.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab7-8.png b/docs/sql-injection/Attachments/SQL-Lab7-8.png new file mode 100644 index 0000000..457d29e Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab7-8.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab7-9.png b/docs/sql-injection/Attachments/SQL-Lab7-9.png new file mode 100644 index 0000000..4157bc3 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab7-9.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab8-1.png b/docs/sql-injection/Attachments/SQL-Lab8-1.png new file mode 100644 index 0000000..ec10a16 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab8-1.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab8-2.png b/docs/sql-injection/Attachments/SQL-Lab8-2.png new file mode 100644 index 0000000..cc72c81 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab8-2.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab8-3.png b/docs/sql-injection/Attachments/SQL-Lab8-3.png new file mode 100644 index 0000000..12bb13e Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab8-3.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab8-4.png b/docs/sql-injection/Attachments/SQL-Lab8-4.png new file mode 100644 index 0000000..c75f8dd Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab8-4.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab8-5.png b/docs/sql-injection/Attachments/SQL-Lab8-5.png new file mode 100644 index 0000000..eeb619a Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab8-5.png differ 
diff --git a/docs/sql-injection/Attachments/SQL-Lab8-6.png b/docs/sql-injection/Attachments/SQL-Lab8-6.png new file mode 100644 index 0000000..e37af8c Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab8-6.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab8-7.png b/docs/sql-injection/Attachments/SQL-Lab8-7.png new file mode 100644 index 0000000..8bc689e Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab8-7.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab8-8.png b/docs/sql-injection/Attachments/SQL-Lab8-8.png new file mode 100644 index 0000000..dc9c6c1 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab8-8.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab8-9.png b/docs/sql-injection/Attachments/SQL-Lab8-9.png new file mode 100644 index 0000000..ff3d0a7 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab8-9.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab9-1.png b/docs/sql-injection/Attachments/SQL-Lab9-1.png new file mode 100644 index 0000000..ab32056 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab9-1.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab9-10.png b/docs/sql-injection/Attachments/SQL-Lab9-10.png new file mode 100644 index 0000000..1588896 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab9-10.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab9-11.png b/docs/sql-injection/Attachments/SQL-Lab9-11.png new file mode 100644 index 0000000..d661fc7 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab9-11.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab9-12.png b/docs/sql-injection/Attachments/SQL-Lab9-12.png new file mode 100644 index 0000000..5b445aa Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab9-12.png differ 
diff --git a/docs/sql-injection/Attachments/SQL-Lab9-13.png b/docs/sql-injection/Attachments/SQL-Lab9-13.png new file mode 100644 index 0000000..c15d3b0 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab9-13.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab9-14.png b/docs/sql-injection/Attachments/SQL-Lab9-14.png new file mode 100644 index 0000000..9fe5993 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab9-14.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab9-15.png b/docs/sql-injection/Attachments/SQL-Lab9-15.png new file mode 100644 index 0000000..8628feb Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab9-15.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab9-2.png b/docs/sql-injection/Attachments/SQL-Lab9-2.png new file mode 100644 index 0000000..3114051 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab9-2.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab9-3.png b/docs/sql-injection/Attachments/SQL-Lab9-3.png new file mode 100644 index 0000000..5af796f Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab9-3.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab9-4.png b/docs/sql-injection/Attachments/SQL-Lab9-4.png new file mode 100644 index 0000000..3006884 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab9-4.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab9-5.png b/docs/sql-injection/Attachments/SQL-Lab9-5.png new file mode 100644 index 0000000..17b49d9 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab9-5.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab9-6.png b/docs/sql-injection/Attachments/SQL-Lab9-6.png new file mode 100644 index 0000000..e261436 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab9-6.png differ 
diff --git a/docs/sql-injection/Attachments/SQL-Lab9-7.png b/docs/sql-injection/Attachments/SQL-Lab9-7.png new file mode 100644 index 0000000..d2a1211 Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab9-7.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab9-8.png b/docs/sql-injection/Attachments/SQL-Lab9-8.png new file mode 100644 index 0000000..b693d9b Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab9-8.png differ diff --git a/docs/sql-injection/Attachments/SQL-Lab9-9.png b/docs/sql-injection/Attachments/SQL-Lab9-9.png new file mode 100644 index 0000000..cc73d0c Binary files /dev/null and b/docs/sql-injection/Attachments/SQL-Lab9-9.png differ diff --git a/docs/sql-injection/SQL Injection.md b/docs/sql-injection/SQL Injection.md new file mode 100644 index 0000000..f175c25 --- /dev/null +++ b/docs/sql-injection/SQL Injection.md 
@@ -0,0 +1,633 @@ +# SQL Injection in Detail + +![image](./Attachments/SQL-Intro.png) +## What Is An SQL Injection(SQLi) Attack? +SQL injection, AKA(Also Known As) SQLi is an injection attack where the attacker can interfere with the underlying queries used in the application for retrieving, modifying, or deleting data. This is possible by modifying the data sent to servers through different parameters. We can try tampering the data sent through HTTP requests for testing for possible SQL Injection vulnerabilities. We will use a web proxy(Burp or ZAP) or maybe the command line for this purpose. + +## Impact of a successful SQL Injection +A successful SQLi can result in a lot of damage to a company, reputational and financial. It can be used to retrieve, modify, delete sensitive data which can be user's data containing name, banking information like credit card numbers, DOB, etc. In some cases an attacker can escalate SQLi to more critical vulnerabilities like RCE(Remote Code Execution) and obtain a persistent backdoor into an organisation's systems. + + +### We'll Now Look At Some SQLi Examples: +- Retrieving Hidden Data: Where the modified SQL query can return additional results +- Subverting Application Logic: Where the modified SQL query can interfere with the logic of the application, Like bypassing the login authentication. +- UNION attacks: Where the modified SQL query can retrieve data from other tables. +- Examining the database: Where the modified SQL query can extract information about the database used and the structure of the database. +- Blind SQL Injection: Where the modified SQL query's results are not displayed in the application's response. 
+ +Here's The Link To [Cheat Sheet](https://portswigger.net/web-security/sql-injection/cheat-sheet) + + +## Let's now solve the labs provided by PortSwigger + +### Retrieving Hidden Data +Suppose a commercial website with unreleased product/user's data and passwords that the website doesn't want you to see for obvious reasons. An SQL Injection attack when performed successfully can help retrieve such data if parameter(s) are not programmed properly. We will now look at such examples from the PortSwigger's [Web Security Academy's Labs](https://portswigger.net/web-security) + +#### [SQL Injection Lab 1 - SQL injection vulnerability in WHERE clause allowing retrieval of hidden data](https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data) +Description of Lab: +``` +This lab contains a SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out a SQL query like the following: + +SELECT * FROM products WHERE category = 'Gifts' AND released = 1 + +To solve the lab, perform a SQL injection attack that causes the application to display one or more unreleased products. +``` + +1. This is the homepage of the shopping website which we need to perform an SQL injection on to retrieve the *Hidden Data* +![image](./Attachments/SQL-Lab1-1.png) + + +2. After selecting the Gifts category, We can see the URL changed and we can conclude that the category parameter is parsed through URL. +![image](./Attachments/SQL-Lab1-2.png) + +What the back-end query might look like: +```SQL +SELECT * FROM products WHERE category = 'Gifts' AND released = 1 +``` + +3. 
+![image](./Attachments/SQL-Lab1-3.png) +Let's try injecting the payload: +```SQL +' OR 1=1-- +``` + +This payload will change the query to: +```SQL +SELECT * FROM products WHERE category = 'Gifts' OR 1=1--' AND released = 1 +``` + +Notice how the Query after the -- is commented and the database server is made to select all the data where either the category is Gifts or when 1=1, Which is true in all cases. + +4. And the lab is solved. +![image](./Attachments/SQL-Lab1-4.png) + +### Subverting Application Logic +Just like we commented the released part of the query in the last lab, We can similarly bypass the password check of login pages if not programmed properly. + +#### [SQL Injection Lab 2 - SQL injection vulnerability allowing login bypass](https://portswigger.net/web-security/sql-injection/lab-login-bypass) + +Description of Lab: +``` +This lab contains a SQL injection vulnerability in the login function. + +To solve the lab, perform a SQL injection attack that logs in to the application as the `administrator` user. +``` + +1. Let's visit the login page now and try attacking the page using SQL Injection attacks. +![image](./Attachments/SQL-Lab2-1.png) + +2. Let's now inject the application using the username parameter. +![image](./Attachments/SQL-Lab2-2.png) +*Note: We Don't Use Password For Injection Attacks As The Password Is Hashed Before Comparing It To The Values In The Users Table.* + +What the back-end query might look like: +```SQL +SELECT cookies,someOtherData FROM users WHERE username = '______' AND password = '______' +``` + +3. We'll now inject the username parameter with the payload `administrator'--`. +![image](./Attachments/SQL-Lab2-3.png) + +This payload will change the query to: +```SQL +SELECT cookies FROM users WHERE username = 'administrator'-- AND password = 'PasswordEntered' +``` + +The password will be commented and it will bypass the login. + +4. And we're in as Administrator. 
+![image](./Attachments/SQL-Lab2-4.png) + +### UNION Attacks(Retrieving Data From Other Database Tables) +UNION attacks are where we can retrieve additional information which may be from some other table. The only important thing we need to note here is the data we union with other data should be of same data type and there are some columns which can not be null. + +#### [SQL Injection Lab 3 - SQL injection UNION attack, determining the number of columns returned by the query](https://portswigger.net/web-security/sql-injection/union-attacks/lab-determine-number-of-columns) + +Description of Lab: +``` +This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application's response, so you can use a UNION attack to retrieve data from other tables. The first step of such an attack is to determine the number of columns that are being returned by the query. You will then use this technique in subsequent labs to construct the full attack. + +To solve the lab, determine the number of columns returned by the query by performing a SQL injection UNION attack that returns an additional row containing null values. +``` + +1. Let's Access the lab. +![image](./Attachments/SQL-Lab3-1.png) + +2. Here after selecting the pets category, We can see the change in URL. We will now try SQL injection payloads for solving the lab. +![image](./Attachments/SQL-Lab3-2.png) + +There are 2 ways which can help in determining the number of columns in the result. One is by trying to order the columns using the `ORDER BY` keyword and the other one is by trying to `UNION` extra rows to the result query. We need to know the number of columns in the result query to successfully `UNION` extra rows of data. + +3. Let's now try ordering the result of query by each column. Injecting the payload `' ORDER BY 1--`. +![image](./Attachments/SQL-Lab3-3.png) + + +4. Let's now try `' ORDER BY 2--` +![image](./Attachments/SQL-Lab3-4.png) + +5. 
Let's now try `' ORDER BY 3--`. +![image](./Attachments/SQL-Lab3-5.png) + +6. When we try the `' ORDER BY 4--` payload, it gives an error. By this we can colclude the result of the query has 3 columns. +![image](./Attachments/SQL-Lab3-6.png) + +7. Let's now add an additional column of data by UNION-ing an additional row with NULL data. +![image](./Attachments/SQL-Lab3-7.png) + +And the lab is solved. + +#### [SQL Injection Lab 4 - SQL injection UNION attack, finding a column containing text](https://portswigger.net/web-security/sql-injection/union-attacks/lab-find-column-containing-text) + +Description of Lab: +``` +This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application's response, so you can use a UNION attack to retrieve data from other tables. To construct such an attack, you first need to determine the number of columns returned by the query. You can do this using a technique you learned in a previous lab. The next step is to identify a column that is compatible with string data. + +The lab will provide a random value that you need to make appear within the query results. To solve the lab, perform a SQL injection UNION attack that returns an additional row containing the value provided. This technique helps you determine which columns are compatible with string data. +``` + +As we now know how find the number of columns, our main task here is to find the column with the data-type which can contain strings. i.e. CHAR or VARCHAR type. + +1. Let's now access the lab and try finding the number of columns. +![image](./Attachments/SQL-Lab4-1.png) + +2. `' ORDER BY 3--` didn't result in an error. Which means there are 3 or more columns. Which we can guess by the number of data returned for a product. +![image](./Attachments/SQL-Lab4-2.png) +![image](./Attachments/SQL-Lab4-3.png) + +3. The `' ORDER BY 4--` did generate an error. This means that the number of columns is 3. 
+![image](./Attachments/SQL-Lab4-4.png) + +4. Now we will try injecting the string `a` in the payload for finding the column which can contain text. +![image](./Attachments/SQL-Lab4-5.png) + +5. After a bit of playing around, I found that the second column, Logically, this must be the product name. +![image](./Attachments/SQL-Lab4-6.png) +![image](./Attachments/SQL-Lab4-7.png) + +6. Let's now make the website reflect the given text to solve the lab. +![image](./Attachments/SQL-Lab4-8.png) +And we're done. + +#### [SQL Injection Lab 5 - SQL injection UNION attack, retrieving data from other tables](https://portswigger.net/web-security/sql-injection/union-attacks/lab-retrieve-data-from-other-tables) + +Description of Lab: +``` +This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application's response, so you can use a UNION attack to retrieve data from other tables. To construct such an attack, you need to combine some of the techniques you learned in previous labs. + +The database contains a different table called users, with columns called username and password. + +To solve the lab, perform a SQL injection UNION attack that retrieves all usernames and passwords, and use the information to log in as the administrator user. +``` + +1. Let's now find the number of columns. +![image](./Attachments/SQL-Lab5-1.png) + +2. By using the `ORDER BY` keyword, We find the number of columns returned by the query. That is 2 columns. We will now try retrieving the username and password of the administrator to log in. +![image](./Attachments/SQL-Lab5-2.png) + +3. Using the UNION statement, We are successfully able to retrieve data from the users table. +![image](./Attachments/SQL-Lab5-3.png) +![image](./Attachments/SQL-Lab5-4.png) + +4. Let's now use the administrator username and password to log in. +![image](./Attachments/SQL-Lab5-5.png) + +5. And we're done. 
+![image](./Attachments/SQL-Lab5-6.png) + + +#### [SQL Injection Lab 6 - SQL injection UNION attack, retrieving multiple values in a single column](https://portswigger.net/web-security/sql-injection/union-attacks/lab-retrieve-multiple-values-in-single-column) + +Description of Lab: +``` +This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application's response so you can use a UNION attack to retrieve data from other tables. + +The database contains a different table called users, with columns called username and password. + +To solve the lab, perform a SQL injection UNION attack that retrieves all usernames and passwords, and use the information to log in as the administrator user. +``` + +We might need to retrieve multiple values in a single column due to the data type of the columns. This is when we try concatenating string/values from different columns to a single column. + +1. Access the lab. +![image](./Attachments/SQL-Lab6-1.png) + +2. Get the number of columns by using the `ORDER BY` keyword as done before. +![image](./Attachments/SQL-Lab6-2.png) + +3. Now we know that the number of columns are 2. + +![image](./Attachments/SQL-Lab6-3.png) + +4. Let's now try retrieving the username and password in a column and for this purpose, we will try the crafted payload which is: `' UNION SELECT NULL,username||'-'||password FROM users--`. +![image](./Attachments/SQL-Lab6-4.png) + +We can now see the usernames and passwords Listed in the product name column. + +5. Get the administrator password and log in. +![image](./Attachments/SQL-Lab6-5.png) + +6. And we're done solving the lab +![image](./Attachments/SQL-Lab6-6.png) + + +### Examining the Database +Examining the database is about getting information about the database used. In these type of vulnerabilities, we can use some predefined tables to gather sensitive information about the database and everything available in the database. 
+ +#### [SQL Injection Lab 7 - SQL injection attack, querying the database type and version on Oracle](https://portswigger.net/web-security/sql-injection/examining-the-database/lab-querying-database-version-oracle) + +Description of Lab: +``` +This lab contains a SQL injection vulnerability in the product category filter. You can use a UNION attack to retrieve the results from an injected query. + +To solve the lab, display the database version string. +``` + +1. Find the number of columns using the `ORDER BY` keyword. +![image](./Attachments/SQL-Lab7-1.png) +![image](./Attachments/SQL-Lab7-2.png) + +fuzzer2. From the above, we can conclude that the result of the query gives 2 columns. And now we will try adding text to the displayed result. +![image](./Attachments/SQL-Lab7-3.png) + +3. Let's now try different payloads from the cheat-sheet. +![image](./Attachments/SQL-Lab7-4.png) + +4. From trial and error, we find that the database system used is by Oracle. So, we will now do some research of our own to think of how we can retrieve the Database Version Information. +![image](./Attachments/SQL-Lab7-5.png) +![image](./Attachments/SQL-Lab7-6.png) + +5. Let's now craft and use the payload for retrieving information about the database. `' UNION SELECT BANNER,NULL FROM v$version`. +![image](./Attachments/SQL-Lab7-7.png) +![image](./Attachments/SQL-Lab7-8.png) +And the lab is now solved. + +To get the version and other information in a more readable way, Let's Inject a heading named '- Lab Solved' so that the results appear at the top. +![image](./Attachments/SQL-Lab7-9.png) + +#### [SQL Injection Lab 8 - SQL injection attack, querying the database type and version on MySQL and Microsoft](https://portswigger.net/web-security/sql-injection/examining-the-database/lab-querying-database-version-mysql-microsoft) + +Description of Lab: +``` +This lab contains a SQL injection vulnerability in the product category filter. 
You can use a UNION attack to retrieve the results from an injected query. + +To solve the lab, display the database version string. +``` + +1. Access the lab first. +![image](./Attachments/SQL-Lab8-1.png) + +2. Let's now try injecting SQL to perform injection attack. Payload: `' UNION SELECT 'A','B'--` +![image](./Attachments/SQL-Lab8-2.png) + +3. Let's give it another try using other payload. Payload: `' UNION SELECT 'A','B'#` +![image](./Attachments/SQL-Lab8-3.png) + +4. Again let's give it another try using other payload. Payload: `' UNION SELECT NULL,NULL#` +![image](./Attachments/SQL-Lab8-4.png) +Give it another try using other payload. Payload: `' UNION SELECT NULL,NULL--` +![image](./Attachments/SQL-Lab8-5.png) + +5. Now that we're getting server error with each payload, let's check the cheat-sheet for some ideas. +![image](./Attachments/SQL-Lab8-6.png) +Here we find that there's explicitly mentioned *\[Note the space after the double dash\]* + +6. Let's try the new payload. Payload: `' UNION SELECT 'A','B'-- #` +![image](./Attachments/SQL-Lab8-7.png) +This worked because of the character after the space after the double dash, As mentioned in the cheat-sheet. + +7. Congratulations, We *Exploited* The Lab Successfully. +![image](./Attachments/SQL-Lab8-8.png) +![image](./Attachments/SQL-Lab8-9.png) + + +#### [SQL Injection Lab 9 - SQL injection attack, listing the database contents on non-Oracle databases](https://portswigger.net/web-security/sql-injection/examining-the-database/lab-listing-database-contents-non-oracle) + +Description of Lab: +``` +This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application's response so you can use a UNION attack to retrieve data from other tables. + +The application has a login function, and the database contains a table that holds usernames and passwords. 
You need to determine the name of this table and the columns it contains, then retrieve the contents of the table to obtain the username and password of all users. + +To solve the lab, log in as the administrator user. +``` + +1. Let's just get into finding the number of columns. Payload: `' ORDER BY 3--`. This gives an error. +![image](./Attachments/SQL-Lab9-1.png) + +2. The payload `' ORDER BY 2--` doesn't give an error. This concludes that the number of columns is 2. +![image](./Attachments/SQL-Lab9-2.png) + +3. Let's now try adding another row of data to the result of the query using the `UNION` keyword. +![image](./Attachments/SQL-Lab9-3.png) +We now know that we can `UNION` data to the result of query. + +4. Now, we will try some payloads for examining the database. From the cheatsheet, we know that non-Oracle databases have a database named information_schema which has a table named tables which contains information about all the tables. Payload: `' UNION SELECT *,NULL FROM information_schema.tables` +![image](./Attachments/SQL-Lab9-4.png) +Using the SQL Prompt, We can get information about the database's internals. +Commands: +`USE INFORMATION_SCHEMA;` +`SHOW TABLES;` +![image](./Attachments/SQL-Lab9-5.png) + +Now the commands we will use for further investigation are: +`SELECT * FROM TABLES LIMIT 20;` +`SELECT TABLE_NAME FROM TABLES LIMIT 20;` +*Note: The `LIMIT 20` is used to retrieve only the first 20 rows of data as the number of data in the table are around 300* +![image](./Attachments/SQL-Lab9-6.png) + +5. Now to retrieve the table names, We will use the payload `' UNION SELECT TABLE_NAME,NULL FROM INFORMATION_SCHEMA.TABLES` +![image](./Attachments/SQL-Lab9-7.png) + +6. Let's now `Ctrl + f` for finding the table of users. +![image](./Attachments/SQL-Lab9-8.png) + +Let's now look at the columns table from information_schema. +![image](./Attachments/SQL-Lab9-9.png) + +This is how we can retrieve the table_name and column_name. 
+Command: `SELECT TABLE_NAME,COLUMN_NAME FROM information_schema.columns WHERE [CONDITION]` +![image](./Attachments/SQL-Lab9-10.png) + +7. Now that we know the users table name, Let's now try retrieving the column name from information_schema database. +![image](./Attachments/SQL-Lab9-11.png) +![image](./Attachments/SQL-Lab9-12.png) +And now we have the column names from the users table. By looking at the results, we can find the username and password column names. + + +9. We can now use the payload(will be different while you're solving the lab) + `' UNION SELECT username_bxvcjr,password_jjlshn FROM users_wnxdyb--` +![image](./Attachments/SQL-Lab9-13.png) +![image](./Attachments/SQL-Lab9-14.png) + +And we're successfully able to retrieve the usernames and passwords. + +11. Log in as the administrator, And we're done. +![image](./Attachments/SQL-Lab9-15.png) + + +#### [SQL Injection Lab 10 - SQL injection attack, listing the database contents on Oracle](https://portswigger.net/web-security/sql-injection/examining-the-database/lab-listing-database-contents-oracle) + +Description of Lab: +``` +This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application's response so you can use a UNION attack to retrieve data from other tables. + +The application has a login function, and the database contains a table that holds usernames and passwords. You need to determine the name of this table and the columns it contains, then retrieve the contents of the table to obtain the username and password of all users. + +To solve the lab, log in as the administrator user. +``` + + 1. We know that the database used is by oracle. So, we will first try basic UNION injection attack using the payload `' UNION SELECT 'A','a' FROM dual--` +![image](./Attachments/SQL-Lab10-1.png) +This works, As we already tried retrieving the table and column names from the database. We have an idea of how it works. 
Let's do our research to find how it is done on Oracle Databases. + +2. This is the information I found in the online documentation of Oracle databases. +![image](./Attachments/SQL-Lab10-2.png) +![image](./Attachments/SQL-Lab10-3.png) + +3. Let's now retrieve the table names using the payload + `' UNION SELECT 'A',TABLE_NAME FROM ALL_TABLES--` +![image](./Attachments/SQL-Lab10-4.png) + +4. Let's now find the users table. +![image](./Attachments/SQL-Lab10-5.png) + +5. Let's now retrieve the column names using the payload + `' UNION SELECT 'A',COLUMN_NAME FROM ALL_TAB_COLUMNS WHERE TABLE_NAME='USERS_TXEXMO'` +![image](./Attachments/SQL-Lab10-6.png) + +6. Now that we know the username and password column's name, Let's retrieve the usernames and password. Payload: `' UNION SELECT USERNAME_MCTKCL,PASSWORD_HUXNXI FROM USERS_TXEXMO` +![image](./Attachments/SQL-Lab10-7.png) +![image](./Attachments/SQL-Lab10-8.png) + +7. Now log in as the administrator. +![image](./Attachments/SQL-Lab10-9.png) + + +### Blind SQL injection vulnerabilities +Blind SQL injection vulnerabilities are when the results of the query aren't visible to the end user. We use some other techniques like analysing response with conditional responses, invoking conditional errors, inducing time delays, using time delays for information retrieval, etc. for exploiting blind SQL injection vulnerabilities. + +#### [SQL Injection Lab 11 - Blind SQL injection with conditional responses](https://portswigger.net/web-security/sql-injection/blind/lab-conditional-responses) +Description of Lab: +``` +This lab contains a blind SQL injection vulnerability. The application uses a tracking cookie for analytics, and performs a SQL query containing the value of the submitted cookie. + +The results of the SQL query are not returned, and no error messages are displayed. But the application includes a "Welcome back" message in the page if the query returns any rows. 
+ +The database contains a different table called users, with columns called username and password. You need to exploit the blind SQL injection vulnerability to find out the password of the administrator user. + +To solve the lab, log in as the administrator user. +``` + +1. To solve this lab, we will have to edit the HTTP request to perform SQL injection. For this purpose, I'm going to use OWASP's Zed Attack Proxy(ZAP). +![image](./Attachments/SQL-Lab11-1.png) +Click on manual explore and launch browser. +![image](./Attachments/SQL-Lab11-2.png) +Now copy paste the link in the browser to see the HTTPS requests being used. +![image](./Attachments/SQL-Lab11-3.png) +Follow the above steps to get started. + +2. We can now here see the history of requests made. +![image](./Attachments/SQL-Lab11-4.png) +To see the request contents, change to request tab as shown below. +![image](./Attachments/SQL-Lab11-5.png) + +3. Now right click on the request and click on the "Open/Resent with Request Editor..." option. +![image](./Attachments/SQL-Lab11-6.png) + +4. This will open a new tab which will let us change the request in a way we want. Now we will inject the trackingId parameter. with a conditional statement. Payload: `trackingId='x' AND '1'='1` +![image](./Attachments/SQL-Lab11-7.png) +This responds with a "Welcome back!" message. Which means it identifies the trackingId AND 1 does equal to 1. +![image](./Attachments/SQL-Lab11-8.png) + +5. Now let's try doing the same with the payload `trackingId='x' AND '1'='2` +![image](./Attachments/SQL-Lab11-9.png) +And we have a response with no "Welcome back!" message. +![image](./Attachments/SQL-Lab11-10.png) + +6. Let's now try the SUBSTRING function for retrieving data. Edit the request to make it: `' AND SUBSTRING((SELECT password FROM users WHERE username='administrator'), 1, 1)='a`. If the condition is true, We must get a "Welcome back!" message. 
And we don't know if the payload would work correctly, we will first just try for the first character of the password's phrase. +![image](./Attachments/SQL-Lab11-11.png) +Select the `a` from payload and then right click on the request and fuzz. Fuzzing means brute-forcing. i.e. trying all different combinations. And from the hint, we know that the password contains only \[a-z]\[0-9]. So, Let's now fuzz all the characters. +![image](./Attachments/SQL-Lab11-12.png) +Select Payloads. + +![image](./Attachments/SQL-Lab11-13.png) +Select Add. + +![image](./Attachments/SQL-Lab11-14.png) +Select Type: Strings. and put \[a-z]\[0-9] in contents. + +![image](./Attachments/SQL-Lab11-15.png) +And now start the fuzzer. + +7. And well now see the fuzzed requests in the fuzzer tab. +![image](./Attachments/SQL-Lab11-16.png) + +8. Looking at them closely, we can conclude that we are getting a request that stands out from other requests. This means that our payload works. +![image](./Attachments/SQL-Lab11-17.png) + +9. Now we will select different positions of password strings for comparing it with different characters. +![image](./Attachments/SQL-Lab11-18.png) +Also, if you're thinking how will we know the password's length to know how much to fuzz. You're on the right path. There's a way. Think about it. I have it covered in the Miscellaneous section of the next lab's walkthrough. + +10. This will give us all the fuzzed requests. +![image](./Attachments/SQL-Lab11-19.png) + +11. We have our password built up now and we are now free to log in using the password. +![image](./Attachments/SQL-Lab11-20.png) + +12. Log in as the administrator. +![image](./Attachments/SQL-Lab11-21.png) + +13. And we're done with the lab. 
+![image](./Attachments/SQL-Lab11-22.png) + + +#### [SQL Injection Lab 12 - Blind SQL injection with conditional errors](https://portswigger.net/web-security/sql-injection/blind/lab-conditional-errors) + +Description of Lab: +``` +This lab contains a blind SQL injection vulnerability. The application uses a tracking cookie for analytics, and performs a SQL query containing the value of the submitted cookie. + +The results of the SQL query are not returned, and the application does not respond any differently based on whether the query returns any rows. If the SQL query causes an error, then the application returns a custom error message. + +The database contains a different table called users, with columns called username and password. You need to exploit the blind SQL injection vulnerability to find out the password of the administrator user. + +To solve the lab, log in as the administrator user. +``` + +Here we're jumping straight to manually editing the request. If you are not sure how to do so, Follow the first four steps of previous lab. + +1. Let's now try make a query such that the it produces an error when `TRUE` and doesn't give an error when we use `FALSE`. For producing `TRUE`, we will use (1=1) And for `FALSE`, we will use (1=2). Payload: `' AND (SELECT CASE WHEN (1=2) THEN TO_CHAR(1/0) ELSE 'a' END FROM dual)='a` +![image](./Attachments/SQL-Lab12-1.png) +![image](./Attachments/SQL-Lab12-2.png) +We didn't get an error using `FALSE` condition. Now let's try the same for a `TRUE` condition. + +2. Payload: `' AND (SELECT CASE WHEN (1=1) THEN TO_CHAR(1/0) ELSE 'a' END FROM dual)='a` +![image](./Attachments/SQL-Lab12-3.png) +![image](./Attachments/SQL-Lab12-4.png) +We successfully raised an error which resulted in **Internal Server Error**. Let's now use this to our advantage and try to retrieve the password for administrator. + +3. Let's now make a payload for retrieving the administrator's password using the conditional errors. 
Payload: `' AND (SELECT CASE WHEN (SUBSTR(password, 1, 1)='a') THEN TO_CHAR(1/0) ELSE 'a' END FROM users WHERE username='administrator')='a` +![image](./Attachments/SQL-Lab12-5.png) +![image](./Attachments/SQL-Lab12-6.png) +The payload didn't raise an error, this means that the first letter may not be `a`. Let's now try to fuzz the a with all the possible characters, i.e. \[a-z]\[0-9]. + +4. Use the fuzzer to try all the characters like we did in the last lab. +![image](./Attachments/SQL-Lab12-7.png) +![image](./Attachments/SQL-Lab12-8.png) + +![image](./Attachments/SQL-Lab12-9.png) +And we can see the Internal Server Errors coming up for different position of characters in the password string. + +5. Now log in as the administrator and we're done. +![image](./Attachments/SQL-Lab12-10.png) + +Miscellaneous: How to retrieve password length. + +1. As we know here we can raise errors using conditional statements. We will now use this for retrieving password length. Let's now generate a payload to raise an error when the password length matches. Payload: `' AND (SELECT CASE WHEN (LENGTH(password)=1) THEN TO_CHAR(1/0) ELSE 'a' END FROM users WHERE username='administrator')='a` +![image](./Attachments/SQL-Lab12-14.png) +![image](./Attachments/SQL-Lab12-15.png) + +3. Now we will fuzz the password length value to raise an error for the correct password length. +![image](./Attachments/SQL-Lab12-16.png) +![image](./Attachments/SQL-Lab12-17.png) +4. Here we can see a request whose response stands out from other requests. Which is an Internal Server Error. So we now know that the password length is 20. +![image](./Attachments/SQL-Lab12-18.png) + + +#### [SQL Injection Lab 13 - Blind SQL injection with time delays](https://portswigger.net/web-security/sql-injection/blind/lab-time-delays) + +Description of Lab: +``` +This lab contains a blind SQL injection vulnerability. 
The application uses a tracking cookie for analytics, and performs a SQL query containing the value of the submitted cookie. + +The results of the SQL query are not returned, and the application does not respond any differently based on whether the query returns any rows or causes an error. However, since the query is executed synchronously, it is possible to trigger conditional time delays to infer information. + +To solve the lab, exploit the SQL injection vulnerability to cause a 10 second delay. +``` + +1. As we know from the description of the lab that we need to cause a 10 second delay to solve the lab. We will go straight to the cheat-sheet to see how time delays work. + +![image](./Attachments/SQL-Lab13-1.png) + +2. Here are the respective ways to concatenate 2 results of different database. As we are not sure which database is being used, we will try all the different payloads. + +![image](./Attachments/SQL-Lab13-2.png) +![image](./Attachments/SQL-Lab13-3.png) + +3. Trying Oracle. Payload: `'||(dbms_pipe.receive_message(('a'),10))--` + +![image](./Attachments/SQL-Lab13-4.png) +![image](./Attachments/SQL-Lab13-5.png) +Didn't work. + +4. Moving on, trying Microsoft database. Payload: `'+(WAITFOR DELAT '0:00:10')--` +![image](./Attachments/Pasted image 20230617054217.png) +![image](./Attachments/SQL-Lab13-6.png) +Didn't work. + +5. Trying PostgreSQL. Payload: `'||(SELECT pg_sleep(10))--` +![image](./Attachments/SQL-Lab13-7.png) +![image](./Attachments/SQL-Lab13-8.png) +And Yes, We can see a 10 second delay in response time. We successfully caused a 10 second delay. + +6. And the lab is solved. +![image](./Attachments/SQL-Lab13-9.png) + + +#### [SQL Injection Lab 14 - Blind SQL injection with time delays and information retrieval](https://portswigger.net/web-security/sql-injection/blind/lab-time-delays-info-retrieval) + +Description of Lab: +``` +This lab contains a blind SQL injection vulnerability. 
The application uses a tracking cookie for analytics, and performs a SQL query containing the value of the submitted cookie. + +The results of the SQL query are not returned, and the application does not respond any differently based on whether the query returns any rows or causes an error. However, since the query is executed synchronously, it is possible to trigger conditional time delays to infer information. + +The database contains a different table called users, with columns called username and password. You need to exploit the blind SQL injection vulnerability to find out the password of the administrator user. + +To solve the lab, log in as the administrator user. +``` + +1. Now that we know how to cause a time delay. Let's first find the database being used. Oracle First. Payload: `'||(dbms_pipe.receive_message(('a'),5))--` +![image](./Attachments/SQL-Lab14-1.png) +Didn't Work. Moving on. + +2. Microsoft now. Payload: `'+(WAITFOR DELAY '0:00:10')--` +![image](./Attachments/SQL-Lab14-2.png) +Didn't Work. Moving on. + +3. PostgreSQL Now. Payload: `'||(select pg_sleep(10))--` +![image](./Attachments/SQL-Lab14-3.png) +Worked! Now we know that we're working with PostgreSQL Database. Let's craft payload for this database. + +![image](./Attachments/SQL-Lab14-4.png) +![image](./Attachments/SQL-Lab14-5.png) + +4. Payload: `'||(SELECT CASE WHEN (SUBSTRING(password,1,1)='a') THEN pg_sleep(3) ELSE pg_sleep(0) END FROM users WHERE username='administrator')--` +![image](./Attachments/SQL-Lab14-6.png) + +5. Lets now fuzz this single location to find if this works. +![image](./Attachments/SQL-Lab14-7.png) +![image](./Attachments/SQL-Lab14-8.png) +![image](./Attachments/SQL-Lab14-9.png) + + +6. Now when we sort the responses according to their response time, we can see a request which took 3.71 seconds. This means that the payload works successfully. +![image](./Attachments/SQL-Lab14-10.png) + +7. 
Now let's fuzz all the locations for retrieving the administrator user's password. +![image](./Attachments/SQL-Lab14-11.png) + +8. We need to change the concurrent threads to 1 as the database doesn't properly handle multiple requests at the same time properly. If you do use multiple threads at a single time. You'll find the time delay in more than one responses for a single position in password string. +![image](./Attachments/SQL-Lab14-12.png) + +9. Let's now start the fuzzer to retrieve the password. + +![image](./Attachments/SQL-Lab14-13.png) + +And you'll be able to retrieve the password. + +10. Now log in as administrator and you're done. +![image](./Attachments/SQL-Lab14-14-1.png) diff --git a/docs/sql-injection/_category_.json b/docs/sql-injection/_category_.json new file mode 100644 index 0000000..e21a9d8 --- /dev/null +++ b/docs/sql-injection/_category_.json @@ -0,0 +1,4 @@ +{ + "label": "SQL Injection Attacks", + "position": 10 +} diff --git a/docs/ssrf/Attachments/SSRF-Lab1-1.png b/docs/ssrf/Attachments/SSRF-Lab1-1.png new file mode 100644 index 0000000..3274239 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab1-1.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab1-10.png b/docs/ssrf/Attachments/SSRF-Lab1-10.png new file mode 100644 index 0000000..e014bb8 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab1-10.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab1-11.png b/docs/ssrf/Attachments/SSRF-Lab1-11.png new file mode 100644 index 0000000..4179880 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab1-11.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab1-12.png b/docs/ssrf/Attachments/SSRF-Lab1-12.png new file mode 100644 index 0000000..7227d85 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab1-12.png differ 
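Review bot: The Microsoft SQL Server time-delay payload in Lab 13 step 4 is misspelled, `'+(WAITFOR DELAT '0:00:10')--`, so anyone copying it gets a syntax error regardless of which backend the lab uses; Lab 14 step 2 already has the correct form `'+(WAITFOR DELAY '0:00:10')--`, so the Lab 13 line should be changed to match. Smaller things in the same file worth fixing before merge: Lab 7 step 2 begins with a stray "fuzzer" token glued to the step number ("fuzzer2. From the above ..."); Lab 9 numbers its steps 7, 9, 11 and the Lab 12 "Miscellaneous" section goes 1, 3, 4, so the skipped numbers should be restored or the lists renumbered; Lab 3 step 6 has "colclude" for "conclude"; Lab 11 step 3 refers to the ZAP menu item as "Open/Resent with Request Editor..." where ZAP labels it "Open/Resend with Request Editor..."; Lab 4 step 5 is a sentence fragment ("I found that the second column, Logically, this must be the product name") and needs a verb; and the image in Lab 13 step 4 is linked as `./Attachments/Pasted image 20230617054217.png`, which breaks the `SQL-LabN-M.png` naming every other attachment follows and contains spaces that some static-site image loaders mishandle, so it should be renamed to the series convention.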
diff --git a/docs/ssrf/Attachments/SSRF-Lab1-13.png b/docs/ssrf/Attachments/SSRF-Lab1-13.png new file mode 100644 index 0000000..81eeca8 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab1-13.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab1-14.png b/docs/ssrf/Attachments/SSRF-Lab1-14.png new file mode 100644 index 0000000..ce3117c Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab1-14.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab1-15.png b/docs/ssrf/Attachments/SSRF-Lab1-15.png new file mode 100644 index 0000000..9219dbf Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab1-15.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab1-2.png b/docs/ssrf/Attachments/SSRF-Lab1-2.png new file mode 100644 index 0000000..f1deaa1 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab1-2.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab1-3.png b/docs/ssrf/Attachments/SSRF-Lab1-3.png new file mode 100644 index 0000000..b3c316e Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab1-3.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab1-4.png b/docs/ssrf/Attachments/SSRF-Lab1-4.png new file mode 100644 index 0000000..528a4e1 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab1-4.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab1-5.png b/docs/ssrf/Attachments/SSRF-Lab1-5.png new file mode 100644 index 0000000..df03dd5 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab1-5.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab1-6.png b/docs/ssrf/Attachments/SSRF-Lab1-6.png new file mode 100644 index 0000000..ae9b9a1 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab1-6.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab1-7.png b/docs/ssrf/Attachments/SSRF-Lab1-7.png new file mode 100644 index 0000000..0ee81f5 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab1-7.png differ 
diff --git a/docs/ssrf/Attachments/SSRF-Lab1-8.png b/docs/ssrf/Attachments/SSRF-Lab1-8.png new file mode 100644 index 0000000..1ec3659 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab1-8.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab1-9-1.png b/docs/ssrf/Attachments/SSRF-Lab1-9-1.png new file mode 100644 index 0000000..63bef8d Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab1-9-1.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab1-9.png b/docs/ssrf/Attachments/SSRF-Lab1-9.png new file mode 100644 index 0000000..3077569 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab1-9.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab2-1.png b/docs/ssrf/Attachments/SSRF-Lab2-1.png new file mode 100644 index 0000000..49c8ef5 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab2-1.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab2-10.png b/docs/ssrf/Attachments/SSRF-Lab2-10.png new file mode 100644 index 0000000..ef1b7a5 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab2-10.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab2-11.png b/docs/ssrf/Attachments/SSRF-Lab2-11.png new file mode 100644 index 0000000..9c69565 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab2-11.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab2-12.png b/docs/ssrf/Attachments/SSRF-Lab2-12.png new file mode 100644 index 0000000..7282d96 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab2-12.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab2-13.png b/docs/ssrf/Attachments/SSRF-Lab2-13.png new file mode 100644 index 0000000..fdecab6 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab2-13.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab2-2.png b/docs/ssrf/Attachments/SSRF-Lab2-2.png new file mode 100644 index 0000000..45eba66 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab2-2.png differ 
diff --git a/docs/ssrf/Attachments/SSRF-Lab2-3.png b/docs/ssrf/Attachments/SSRF-Lab2-3.png new file mode 100644 index 0000000..9d5bca8 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab2-3.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab2-4.png b/docs/ssrf/Attachments/SSRF-Lab2-4.png new file mode 100644 index 0000000..3c7fd92 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab2-4.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab2-5.png b/docs/ssrf/Attachments/SSRF-Lab2-5.png new file mode 100644 index 0000000..8bd9401 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab2-5.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab2-6.png b/docs/ssrf/Attachments/SSRF-Lab2-6.png new file mode 100644 index 0000000..0eb2df3 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab2-6.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab2-7.png b/docs/ssrf/Attachments/SSRF-Lab2-7.png new file mode 100644 index 0000000..dae35de Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab2-7.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab2-8.png b/docs/ssrf/Attachments/SSRF-Lab2-8.png new file mode 100644 index 0000000..786365a Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab2-8.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab2-9.png b/docs/ssrf/Attachments/SSRF-Lab2-9.png new file mode 100644 index 0000000..ddc7e9b Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab2-9.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab3-1.png b/docs/ssrf/Attachments/SSRF-Lab3-1.png new file mode 100644 index 0000000..f218942 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab3-1.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab3-10.png b/docs/ssrf/Attachments/SSRF-Lab3-10.png new file mode 100644 index 0000000..3425b67 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab3-10.png differ 
diff --git a/docs/ssrf/Attachments/SSRF-Lab3-2.png b/docs/ssrf/Attachments/SSRF-Lab3-2.png new file mode 100644 index 0000000..f02be36 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab3-2.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab3-3.png b/docs/ssrf/Attachments/SSRF-Lab3-3.png new file mode 100644 index 0000000..9171693 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab3-3.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab3-4.png b/docs/ssrf/Attachments/SSRF-Lab3-4.png new file mode 100644 index 0000000..0f1b111 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab3-4.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab3-5.png b/docs/ssrf/Attachments/SSRF-Lab3-5.png new file mode 100644 index 0000000..6caf1b3 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab3-5.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab3-6.png b/docs/ssrf/Attachments/SSRF-Lab3-6.png new file mode 100644 index 0000000..538af80 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab3-6.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab3-7.png b/docs/ssrf/Attachments/SSRF-Lab3-7.png new file mode 100644 index 0000000..d59fc57 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab3-7.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab3-8-1.png b/docs/ssrf/Attachments/SSRF-Lab3-8-1.png new file mode 100644 index 0000000..2424e2b Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab3-8-1.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab3-8.png b/docs/ssrf/Attachments/SSRF-Lab3-8.png new file mode 100644 index 0000000..514f041 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab3-8.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab3-9.png b/docs/ssrf/Attachments/SSRF-Lab3-9.png new file mode 100644 index 0000000..9ee63e7 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab3-9.png differ 
diff --git a/docs/ssrf/Attachments/SSRF-Lab4-1.png b/docs/ssrf/Attachments/SSRF-Lab4-1.png new file mode 100644 index 0000000..ce987a2 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab4-1.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab4-10.png b/docs/ssrf/Attachments/SSRF-Lab4-10.png new file mode 100644 index 0000000..d48fcdb Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab4-10.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab4-11.png b/docs/ssrf/Attachments/SSRF-Lab4-11.png new file mode 100644 index 0000000..8b72442 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab4-11.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab4-12.png b/docs/ssrf/Attachments/SSRF-Lab4-12.png new file mode 100644 index 0000000..7ff95d8 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab4-12.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab4-2.png b/docs/ssrf/Attachments/SSRF-Lab4-2.png new file mode 100644 index 0000000..f1c30f9 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab4-2.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab4-3.png b/docs/ssrf/Attachments/SSRF-Lab4-3.png new file mode 100644 index 0000000..a112fbe Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab4-3.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab4-4.png b/docs/ssrf/Attachments/SSRF-Lab4-4.png new file mode 100644 index 0000000..1a7b913 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab4-4.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab4-5.png b/docs/ssrf/Attachments/SSRF-Lab4-5.png new file mode 100644 index 0000000..5ab0e45 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab4-5.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab4-6.png b/docs/ssrf/Attachments/SSRF-Lab4-6.png new file mode 100644 index 0000000..fe031db Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab4-6.png differ 
diff --git a/docs/ssrf/Attachments/SSRF-Lab4-7.png b/docs/ssrf/Attachments/SSRF-Lab4-7.png new file mode 100644 index 0000000..6cd22cc Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab4-7.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab4-8.png b/docs/ssrf/Attachments/SSRF-Lab4-8.png new file mode 100644 index 0000000..b450f5f Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab4-8.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab4-9.png b/docs/ssrf/Attachments/SSRF-Lab4-9.png new file mode 100644 index 0000000..11aaab6 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab4-9.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab5-1.png b/docs/ssrf/Attachments/SSRF-Lab5-1.png new file mode 100644 index 0000000..fd86c24 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab5-1.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab5-2.png b/docs/ssrf/Attachments/SSRF-Lab5-2.png new file mode 100644 index 0000000..a5cb1fe Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab5-2.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab5-3.png b/docs/ssrf/Attachments/SSRF-Lab5-3.png new file mode 100644 index 0000000..be223a6 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab5-3.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab5-4.png b/docs/ssrf/Attachments/SSRF-Lab5-4.png new file mode 100644 index 0000000..a6b57bc Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab5-4.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab5-5.png b/docs/ssrf/Attachments/SSRF-Lab5-5.png new file mode 100644 index 0000000..219b762 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab5-5.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab5-6.png b/docs/ssrf/Attachments/SSRF-Lab5-6.png new file mode 100644 index 0000000..cebd9b6 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab5-6.png differ 
diff --git a/docs/ssrf/Attachments/SSRF-Lab5-7.png b/docs/ssrf/Attachments/SSRF-Lab5-7.png new file mode 100644 index 0000000..d5f73d7 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab5-7.png differ diff --git a/docs/ssrf/Attachments/SSRF-Lab5-8.png b/docs/ssrf/Attachments/SSRF-Lab5-8.png new file mode 100644 index 0000000..b21de36 Binary files /dev/null and b/docs/ssrf/Attachments/SSRF-Lab5-8.png differ diff --git a/docs/ssrf/Attachments/open-browser.png b/docs/ssrf/Attachments/open-browser.png new file mode 100644 index 0000000..be7913f Binary files /dev/null and b/docs/ssrf/Attachments/open-browser.png differ diff --git a/docs/ssrf/Attachments/ssrf-portswigger.png b/docs/ssrf/Attachments/ssrf-portswigger.png new file mode 100644 index 0000000..a422b46 Binary files /dev/null and b/docs/ssrf/Attachments/ssrf-portswigger.png differ diff --git a/docs/ssrf/Server Side Request Forgery.md b/docs/ssrf/Server Side Request Forgery.md new file mode 100644 index 0000000..cab9d07 --- /dev/null +++ b/docs/ssrf/Server Side Request Forgery.md 
@@ -0,0 +1,429 @@ +# What is Server Side Request Forgery? +SSRF, or Server-Side Request Forgery, is a web vulnerability where an attacker can make a server send requests to other resources on the internet, often within a trusted network. This can potentially lead to unauthorized access to internal systems, data exposure, or abuse of services. + +![image](./Attachments/ssrf-portswigger.png) + +# How Impactful are SSRF Attacks? +Server-Side Request Forgery (SSRF) attacks can have a significant and wide-ranging impact on the security and functionality of web applications and systems. The severity of the impact depends on various factors, including the vulnerability's context, the level of access gained, and the attacker's intent. + +Here are the potential impacts of SSRF attacks: +1. Data Exposure: SSRF can allow attackers to access sensitive internal data such as configuration files, credentials, and databases. This exposure can lead to data breaches and compromises in data integrity and confidentiality. +2. Remote Code Execution: In some cases, SSRF can be leveraged to execute code on the internal server or interact with internal services, potentially leading to complete compromise of the system. +3. Abusing Internal Services: Attackers can abuse SSRF to target and abuse internal services, potentially overloading them or causing disruptions in critical operations. +4. Exploiting Infrastructure: SSRF can be used to perform reconnaissance on internal network infrastructure, identifying vulnerabilities for future attacks. +5. Bypassing Security Controls: SSRF can be used to bypass security controls by making requests to trusted internal systems, making it challenging to detect and mitigate the attack. +6. Server Abuse and Anonymization: Attackers can abuse SSRF to make requests to external services from the server, effectively anonymizing their activities and potentially implicating the targeted server in malicious actions. +7. 
Attack Chaining: SSRF can be part of a larger attack chain, where it's used to initiate or facilitate further attacks, such as accessing internal services to gather information for subsequent attacks. + +# Types of SSRF Attacks: +## Common SSRF Attacks: +SSRF attacks happen when a sneaky hacker tricks a trusting website into doing things it shouldn't. The hacker uses this trust to go beyond the website and mess with other places, like secret parts of the internet or internal systems of a company, causing all sorts of trouble. + +### SSRF Attacks Against the Server +In these types of attacks, the attacker causes the application to make an HTTP request back to the server that is hosting the application, via its loopback network interface. + +*The loopback network interface is a special network interface on a computer that allows network communication to itself.* + +**Example:** Imagine a shopping application that lets the user view whether an item is in stock in a particular store. To provide the information, the application must query its internal APIs. It does this by making another request to a relevant API endpoint through an HTTP request. A request similar to the following is made for carrying out this process: +``` +POST /product/stock HTTP/1.0 +Content-Type: application/x-www-form-urlencoded +Content-Length: xyz + +stockApi=http://stock.shopwebsite.net:1711/product/stock/check%3FproductId%3D6%26storeId%3D1 +``` + +Carefully look at the end of the stockApi line. It says `check%3FproductId%3D6%26storeId%3D1`, If you URL decode it, You can see it converts to `check?productId=6&storeId=1`. With this you can conclude that the stock at Store id 1 is being checked/retrieved for the product id 6. + +Anyways, This causes the server to make request to the specified URL, then fetch and return the stock data. + +In this example, An attacker can forge the request to specify a different URL than what was originally meant to be used. 
The modified HTTP request might look something like this: +``` +POST /product/stock HTTP/1.0 +Content-Type: application/x-www-form-urlencoded +Content-Length: xyz + +stockApi=http://localhost/admin +``` + +What happens here is that the data is fetched from the request and the URL to be fetched becomes `http://localhost/admin`. This causes the server to fetch data from `http://localhost/admin` and display it in result. + +An attacker can visit `/admin` URL, but as the user is unauthenticated, the page won't be accessible. But when the same page is requested from within the server, the normal access controls are bypassed because the request appears to originate from a trusted location. + +### [SSRF Lab 1 - Basic SSRF against the local server](https://portswigger.net/web-security/ssrf/lab-basic-ssrf-against-localhost) + +Description of Lab: +``` +This lab has a stock check feature which fetches data from an internal system. + +To solve the lab, change the stock check URL to access the admin interface at http://localhost/admin and delete the user carlos. +``` + +1. Access the lab. + +![image](./Attachments/SSRF-Lab1-1.png) + +2. Let's first try visiting the `/admin` page. + +![image](./Attachments/SSRF-Lab1-2.png) + +As we can see that the webpage says `Admin interface only avaliable if logged in as an administrator, or if requested from loopback`. + +3. Let's open any product's page and try checking the stock for the product. + +![image](./Attachments/SSRF-Lab1-3.png) + +4. + +![image](./Attachments/SSRF-Lab1-4.png) + +5. Let's now find the request which fetches the stock for a product. + +![image](./Attachments/SSRF-Lab1-5.png) + +6. Now right click on the request and send to repeater. Repeater is what is used for editing requests. + +![image](./Attachments/SSRF-Lab1-6.png) + +7. Let's Now Replace the API Link. + +![image](./Attachments/SSRF-Lab1-7.png) + +8. Replace the fetching stock API link with the admin page link. And Submit the request. 
+ +![image](./Attachments/SSRF-Lab1-8.png) + +9. And this is the response we get. + +![image](./Attachments/SSRF-Lab1-9.png) + +To open the response in a browser, right click on the response and select `Request in browser` > `In current browser session`. Then copy the link and open in the browser set up by burp. + +![image](./Attachments/SSRF-Lab1-9-1.png) + +10. On visiting the link and we can see that we successfully loaded the admin page. + +![image](./Attachments/SSRF-Lab1-10.png) + +11. Now let's try deleting the `carlos` account. + +![image](./Attachments/SSRF-Lab1-11.png) + +12. As we can see that the action is not allowed. + +![image](./Attachments/SSRF-Lab1-12.png) + +13. Let's again edit the original request and check the response. + +![image](./Attachments/SSRF-Lab1-13.png) + +14. This time it responded with a `HTTP/2 302 FOUND` code. + +![image](./Attachments/SSRF-Lab1-14.png) + +15. As we can see the `Congratulations, you solved the lab!` message, we can conclude that we were successful at deleting `carlos` account. + +![image](./Attachments/SSRF-Lab1-15.png) + +### SSRF attacks against other back-end systems +In some cases, The server is able to interact with back-end systems that are not directly reachable by users. These systems often have non-routable private IP addresses. The back-end systems are normally protected by network topology, so they often have a weaker security posture. In many cases, internal back-end systems contain sensitive functionality that can be accessed without authentication by anyone who is able to interact with the systems. + +Suppose there is an other server in the network at `192.168.0.12` which contains sensitive functionality that can be accessed without authentication by anyone able to interact with the system. 
+ +The following payload would work in such cases: +``` +POST /product/stock HTTP/1.0 +Content-Type: application/x-www-form-urlencoded +Content-Length: 118 + +stockApi=http://192.168.0.12/admin +``` + +### [SSRF Lab 2 - Basic SSRF against another back-end system](https://portswigger.net/web-security/ssrf/lab-basic-ssrf-against-backend-system) + +Description of Lab: + +``` +This lab has a stock check feature which fetches data from an internal system. + +To solve the lab, use the stock check functionality to scan the internal 192.168.0.X range for an admin interface on port 8080, then use it to delete the user carlos. +``` + +1. Access the lab. + +![image](./Attachments/SSRF-Lab2-1.png) + +2. Open any product's page. + +![image](./Attachments/SSRF-Lab2-2.png) + +3. Check the stock. + +![image](./Attachments/SSRF-Lab2-3.png) + +4. Look for the stock retrieval request in BurpSuite. + +![image](./Attachments/SSRF-Lab2-4.png) + +5. Send the request to repeater to tamper the request and test. + +![image](./Attachments/SSRF-Lab2-5.png) + +6. Let's now try editing the `stockApi` link in the request. + +![image](./Attachments/SSRF-Lab2-6.png) + +7. As we know from the description that the admin interface is at the server `192.168.0.x` at port `8080`. We need to try finding the `x`. Send the request to intruder. + +![image](./Attachments/SSRF-Lab2-7.png) + +8. Now in the Intruder tab, select the `1` in the `stockApi` link and press the Add button in the right side. + +![image](./Attachments/SSRF-Lab2-8.png) + +9. Now As the values can be anything from `1 to 255`, Let's copy the values `1 to 255` and go to the payloads tab. + ***Note:** What I've done here is echoed values from `1 to 255` and then used a tool **`xclip`** to copy the numbers to the clipboard by piping the output of loop into `xclip` command.* + +![image](./Attachments/SSRF-Lab2-9.png) + +10. 
Now paste the copied payloads using the paste button in `Payload settings [Simple list]` and then press the `start attack` button. + +![image](./Attachments/SSRF-Lab2-10.png) + +11. Here you will see a request that stands out. This is how we get the value of `x`. + +![image](./Attachments/SSRF-Lab2-11.png) + +12. Now replace `x` with the payload and send the request with the URL which is used to delete an account. + +![image](./Attachments/SSRF-Lab2-12.png) + +13. Reloading the page, you can see the message `Congratulations, you solved the lab!`. + +![image](./Attachments/SSRF-Lab2-13.png) + +## Circumventing common SSRF defenses + +Applications usually contain defence against SSRF attacks which are aimed at exploiting the application's internal trust structure. These defenses can be circumvented using different techniques which we will discuss below: + +### SSRF with blacklist-based input filters +Some applications block input containing `hostnames` like `127.0.0.1` and `localhost`, or sensitive URLs like /admin. In this situation, we can often bypass the security measures using the following techniques: +- Use an alternative IP representation of `127.0.0.1`, such as `2130706433`, `017700000001`, `0177.0.0.1`, `0x7f.0.0.1`, `127.0.1`, `0x7f000001` or `127.1`. +- You can use any domain that resolves to `127.0.0.1`. One good example is `localtest.me` and all its subdomains except `readme.localtest.me`. +- Obfuscate blocked strings using URL encoding or case variation. +- Provide a URL that you control, which redirects to the target URL. Try using different redirect codes, as well as different protocols. For example, switching from an `http:` to `https:` URL during the redirect has been shown to bypass some anti-SSRF filters. + +Enough theory. 
Let's Put this into practice **Right Now!** + +### [SSRF Lab 3 - SSRF with blacklist-based input filter](https://portswigger.net/web-security/ssrf/lab-ssrf-with-blacklist-filter) + +Description of Lab: + +``` +This lab has a stock check feature which fetches data from an internal system. + +To solve the lab, change the stock check URL to access the admin interface at http://localhost/admin and delete the user carlos. + +The developer has deployed two weak anti-SSRF defenses that you will need to bypass. +``` + +1. Access the lab and open any product's page. + +![image](./Attachments/SSRF-Lab3-1.png) + +2. Click on the `Check stock` button. + +![image](./Attachments/SSRF-Lab3-2.png) + + +3. Look for the `Check stock` request in `BurpSuite` and try using alternative IP representations of `localhost` in place of the `stockApi` parameter value. + +![image](./Attachments/SSRF-Lab3-3.png) + +4. Let's try `http://127.1/admin` first. + +![image](./Attachments/SSRF-Lab3-4.png) + +Didn't work. + +5. Let's now try retrieving `http://2130706433/admin`. + +![image](./Attachments/SSRF-Lab3-5.png) + +Didn't work! + +6. Let's not try getting to the admin page ATM. Let's just try loading the index page, which would be situated at `127.1` and could be retrieved by `stockApi=http://127.1` . + +![image](./Attachments/SSRF-Lab3-6.png) + +And we're successful loading the index page. + +7. As we've tried `http://127.1/admin` in the 4th step, we won't try it again, The initial part of the URL works fine as we saw in the previous step. Let's now try encoding characters from the `/admin` part. Let's URL encode the `a` in the start of `/admin`. + +![image](./Attachments/SSRF-Lab3-7.png) + +Didn't Work. + +8. Let's double encode the same. The `%` sign encodes to `%25`. + +![image](./Attachments/SSRF-Lab3-8.png) + +***This Worked!*** + +![image](./Attachments/SSRF-Lab3-8-1.png) + +Above we can see the deletion link for the user `carlos`. i.e. `/admin/delete?username=carlos`. + +9. 
Let's now use the URL to try to delete the user `carlos` by editing the request. + +![image](./Attachments/SSRF-Lab3-9.png) + +10. And We're Done! `Congratulations, you solved the lab!` + +![image](./Attachments/SSRF-Lab3-10.png) + +### SSRF with whitelist-based input filters +Some applications only allow inputs that match, a whitelist of permitted values. The filter may look for a match at the beginning of the input, or contained within in it. You may be able to bypass this filter by exploiting inconsistencies in URL parsing. + +The URL specification contains a number of features that are likely to be overlooked when an application implements ad-hoc(*just devise a singular solution that works for a specific problem in the situation you find yourself in.*) parsing and validation using this method: +- You can embed credentials in a URL before the hostname, using the `@` character. For example: + `https://expected-host:fakepassword@evil-host` +- You can use the `#` character to indicate a URL fragment. For example: + `https://evil-host#expected-host` +- You can leverage the DNS naming hierarchy to place required input into a fully-qualified DNS name that you control. For example: + `https://expected-host.evil-host` +- You can URL-encode characters to confuse the URL-parsing code. This is particularly useful if the code that implements the filter handles URL-encoded characters differently than the code that performs the back-end HTTP request. You can also try [double-encoding](https://portswigger.net/web-security/essential-skills/obfuscating-attacks-using-encodings#obfuscation-via-double-url-encoding) characters; some servers recursively URL-decode the input they receive, which can lead to further discrepancies. +- You can use combinations of these techniques together. 
+ + +### [SSRF Lab 4 - SSRF with whitelist-based input filter](https://portswigger.net/web-security/ssrf/lab-ssrf-with-whitelist-filter) + +Description of Lab: + +``` +This lab has a stock check feature which fetches data from an internal system. + +To solve the lab, change the stock check URL to access the admin interface at http://localhost/admin and delete the user carlos. + +The developer has deployed an anti-SSRF defense you will need to bypass. +``` + +1. Access the lab. + +![image](./Attachments/SSRF-Lab4-1.png) + +2. Open any product page, click on the `Check stock` button. + +![image](./Attachments/SSRF-Lab4-2.png) + +3. Look for the `Check stock` request in the `HTTP history` tab and send it to repeater. + +![image](./Attachments/SSRF-Lab4-3.png) + +4. Let's try using different IP representation (i.e. `http://127.1`) instead of `localhost` for the `stockApi` parameter and check the results. + +![image](./Attachments/SSRF-Lab4-4.png) + +**Didn't Work** + +5. Let's now try the `@` character, What this might do is think that we are passing a username so the link might get validated. + +![image](./Attachments/SSRF-Lab4-5.png) + +**Worked! Look at how the response differs from the previous one!** + +6. Moving further, with further modifying the payload, Let's now try another `hack`. As we now know that we can use the `#` character for indicating a URL fragment. As we can see, the response changes back to like it was in 4th step. + +![image](./Attachments/SSRF-Lab4-6.png) + + Remember how some links (Ex: `https://website.com/page#section`) takes you to the particular section of a webpage. + +7. Let's try encoding the `#` character. + +![image](./Attachments/SSRF-Lab4-7.png) + +**No Luck!** + +8. Let's Try Encoding It Again, And the `%23` becomes `%2523` after another round of encoding. + +![image](./Attachments/SSRF-Lab4-8.png) + +***This Worked!!!*** + +9. 
Now let's change the word `nimish` to `localhost` as it is supposed to be the `evil-host` that we're trying to access using SSRF. + +![image](./Attachments/SSRF-Lab4-9.png) + +**Congratlations, We got a Status code `200`!** + +10. Let's now try loading the `admin` page. + +![image](./Attachments/SSRF-Lab4-10.png) + +**We're Successful!** + +11. Now let's try deleting the `carlos` account as we've done in the previous labs. + +![image](./Attachments/SSRF-Lab4-11.png) + +12. And we're done, `Congratulations! you solved the lab!`. + +![image](./Attachments/SSRF-Lab4-12.png) + +### Bypassing SSRF filters via open redirection +Open redirection vulnerability can be sometimes used to bypass filter-based defenses. In the previous example, Let's suppose that the user submitted URL is strictly validated. i.e. the link should be starting with `http://weliketoshop.net`. However the application whose URLs are allowed contains an open redirection vulnerability and the application redirects the user to the desired target. + +For example, `/product/nectProduct?currentProductId=6&path=http://evil-user.net` would redirect the user to `http://evil-user.net` + +We can leverage the open redirect vulnerability to bypass the URL filter, and exploit + +### [SSRF Lab 5 - SSRF with filter bypass via open redirection vulnerability](https://portswigger.net/web-security/ssrf/lab-ssrf-filter-bypass-via-open-redirection) + +Description of Lab: + +``` +This lab has a stock check feature which fetches data from an internal system. + +To solve the lab, change the stock check URL to access the admin interface at `http://192.168.0.12:8080/admin` and delete the user carlos. + +The stock checker has been restricted to only access the local application, so you will need to find an open redirect affecting the application first. +``` + +1. As always, access the lab. + +![image](./Attachments/SSRF-Lab5-1.png) + +2. Open up any product's page. Here we can see the links for `Next product`. 
Click on the `Next product` link. + +![image](./Attachments/SSRF-Lab5-2.png) + +3. Locate the specific request in BurpSuite. + +![image](./Attachments/SSRF-Lab5-3.png) +As we can see, It takes us to the `Next product` using the `path=` parameter in the first line of the request. + +4. Let's now check for open redirection sending the request through `stockApi` parameter. + +![image](./Attachments/SSRF-Lab5-4.png) +As we can see that the request doesn't respond with anything. + +5. Let's now try encoding the characters and sending the request! + +![image](./Attachments/SSRF-Lab5-5.png) +*Again, No Luck* + +6. Lets try encoding them again for one last time. + +![image](./Attachments/SSRF-Lab5-6.png) +***And it Worked!*** + +7. Now let's use the same trick to delete the `carlos` account. + +![image](./Attachments/SSRF-Lab5-7.png) +***We're successful in it!*** + +8. `Congratulations, you solved the lab!` + +![image](./Attachments/SSRF-Lab5-8.png) + + diff --git a/docs/ssrf/_category_.json b/docs/ssrf/_category_.json new file mode 100644 index 0000000..a14cd72 --- /dev/null +++ b/docs/ssrf/_category_.json @@ -0,0 +1,4 @@ +{ + "label": "Server Side Request Forgery", + "position": 12 +}
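Review bot: the sentence `+We can leverage the open redirect vulnerability to bypass the URL filter, and exploit` in the "Bypassing SSRF filters via open redirection" section is cut off mid-sentence and needs to be completed before merging; as written the section never states what the redirect is used for, even though the Lab 5 walkthrough that follows depends on it. In the same section `/product/nectProduct?currentProductId=6&path=http://evil-user.net` should read `nextProduct`, matching the `Next product` link the lab steps use. Smaller fixes in the same hunk: step 4 of Lab 1 has a number and an image but no text; `Content-Length: 118` in the back-end payload does not match its 34-byte body (`stockApi=http://192.168.0.12/admin`) and is inconsistent with the `Content-Length: xyz` placeholder used in the two earlier examples, so either use the placeholder everywhere or give the real length; `Congratlations` (Lab 4 step 9), `an other server` and `Lets try` are typos. Lab 4 step 5 ("What this might do is think that we are passing a username") should state the mechanism the preceding bullet list already gives: the validator matches the permitted hostname in the string while the HTTP client treats everything before `@` as credentials, which is the parser discrepancy being exploited. Finally, the document presents blacklist and whitelist filters only as defenses to bypass; a short prevention section (exact-match allow-list of hosts, resolving the hostname and rejecting loopback and private ranges on the resolved address before connecting, disabling redirect-following in the server-side client, and segmenting internal services so the application host cannot reach them) would make the page a complete reference and fits the defender framing of the "How Impactful are SSRF Attacks?" section.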