In every web pentest there are several hidden and obvious places that might be vulnerable. This post is meant to be a checklist to confirm that you have searched for vulnerabilities in all the possible places.
Nowadays web applications usually use some kind of intermediary proxies, which may be (ab)used to exploit vulnerabilities. These vulnerabilities need a vulnerable proxy to be in place, but they usually also need some extra vulnerability in the backend.
Some functionalities require the data to be structured in a very specific format (like a language serialized object or XML). Therefore, it's easier to identify whether the application might be vulnerable, as it needs to be processing that kind of data.
Some specific functionalities may also be vulnerable if a specific input format is used (like Email Header Injections).
Functionalities that allow uploading files might be vulnerable to several issues.
Functionalities that generate files including user input might execute unexpected code.
Users who open files uploaded by users, or files automatically generated including user input, might be compromised.