Forced Browsing

IDOR

LFI

All of the above

XXE

Local File Inclusion

Insecure Direct Object Reference

Cross-site scripting

-rws---r-x root root

-rwx------ root root

drwxr-x-w- root root

-r-xr-xr-x root root

Forcing the application to upload malicious file

Remote code execution in the webserver

enumerate and access resources that are not referenced by the application, but are still accessible

None of these

Cross site scripting

Cross Site Request Forgery

SQL Injection

Insecure Direct Object References

Implementing Access Control Matrix for application resources

Using hidden form fields to authorize

Logging unauthorized users actions

Enforcing RWX permission for every files on server for everyone

Xml Enternal Entities Injection

SQL Injection

Cross site scripting

Broken Access Control