gitea-mirror/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2026-03-12 21:22:59 -07:00
Code Issues Packages Projects Releases Wiki Activity
2,168 Commits 2 Branches 7 Tags
3051fc81158e2b33bf22a7335f1971f10f48f561
Commit Graph

187 Commits

Author SHA1 Message Date
Swissky
3051fc8115 Fix formatting issues in SpEL section of Java.md 2026-03-02 17:58:19 +01:00
Swissky
3c063a8616 Fix formatting for SpEL and OGNL examples in Java.md 2026-03-02 17:57:38 +01:00
Swissky
5c487edc05 Change title to 'Elixir Deserialization' and update content 
Updated the title and provided a brief overview of Server-Side Template Injection in Elixir.
 2026-03-02 17:52:24 +01:00
vladko312
dac581547e SSTI: 
- Added Elixir/EEx payloads
- Added OGNL payloads
- Clarified SpEL payloads and details
- Fixed PHP Error-Based payloads
- Added Twig Error-Based payload for CVE-2022-23614
Insecure Deserialization:
- Improved Python payloads
 2026-02-22 21:18:54 +03:00
Swissky
08b5c4c868 Unordered list style [Expected: dash; Actual: asterisk] 2026-01-03 22:50:37 +01:00
vladko312
bec6524774 SSTI: 
- Fixed NodeJS payloads
 2026-01-03 23:19:26 +03:00
vladko312
09a5f07345 SSI, SSTI: 
- Improved MarkDown
 2026-01-03 22:20:19 +03:00
Vladislav Korchagin
4831e36fb8 Merge branch 'master' into master 2026-01-03 19:06:57 +03:00
vladko312
abbbf2fc95 SSTI: 
- Fixed NodeJS payloads
 2026-01-03 18:43:24 +03:00
Swissky
d345536ff4 Fix markdown linting 2026-01-03 15:47:05 +01:00
vladko312
7fb2ff75d7 SSI: 
- Added SSTImap to the tools, as it now supports SSI detection and exploitation
SSTI:
- Added description for known detection and exploitation techniques
- Added payloads for universal detection
- Added universal payloads for different languages
- Added Error-Based and Boolean-Based payloads
- Moved SpEL payloads using `T()` to the correct category
- Moved Pug payloads to the correct language and updated info to reflect the actual name
 2026-01-03 05:20:04 +03:00
brumens
a957c3f96d Fixed markdown linting 2025-12-15 11:30:06 +01:00
brumens
5f1a39d272 Added author to research reference 2025-12-03 14:09:02 +01:00
brumens
3cf745b90c Added Jinja and Mako obf payloads 2025-12-03 14:07:37 +01:00
brumens
e2ce1c96dc Added Smarty and Twig obf payload 2025-12-03 14:05:41 +01:00
brumens
7ca2ca2a75 Added Groovy and FreeMarker obf payloads 2025-12-03 13:58:49 +01:00
brumens
52daa1d820 Updated SSTI Reference 2025-12-03 13:58:27 +01:00
Swissky
832b54fd95 Syntax Highlighting SSTI 2025-11-15 17:11:42 +01:00
n3rada
f3cdd4ff0c fix(markdown): add blank lines around fenced code blocks to satisfy MD031 2025-08-13 18:29:00 +00:00
n3rada
d04a38a67c refactor(template): rename Velocity payload variables for clarity 2025-08-13 18:14:47 +00:00
n3rada
edbf3386a3 Update Java.md 2025-07-21 18:33:56 +02:00
Swissky
f344fa50a6 Fix typo 2 2025-03-27 11:24:46 +01:00
Swissky
ab7e7390dc Fix broken links 2025-03-27 11:16:36 +01:00
Swissky
bad860d79d Markdown Linting - SSI, SSRF, SSTI 2025-03-26 17:49:42 +01:00
hacker
64b36854a7 External Variable Modification 2025-03-07 12:15:00 +01:00
Swissky
32d9f7550d XPATH + XSS + XXE + XSLT 2024-11-30 21:14:51 +01:00
Swissky
9425cec068 Handlebars - Basic Injection 2024-11-25 18:42:36 +01:00
Swissky
6bfad6a84d SSTI - SpEL 2024-11-25 13:56:29 +01:00
Swissky
a338b2f12a Normalize page header for SSTI, SAML, SSI 2024-11-10 19:14:16 +01:00
Swissky
b2bb1df9a9 References addded for SQLi, Upload, SSTI, Type Juggling 2024-11-07 20:54:16 +01:00
Swissky
138fbd97f9 Account Takeover References 2024-11-03 21:22:14 +01:00
Swissky
21dfd91180 SSTI references updates 2024-11-03 20:54:01 +01:00
Swissky
d77ef2c4fc Templating Libraries Tables 2024-11-02 17:42:18 +01:00
Alexandre ZANNI
eca0bd1b36 SSTI: engine detection 2024-11-01 22:20:50 +01:00
Swissky
6ee918b060 SSTI update 2024-10-23 14:17:18 +02:00
Swissky
7ec97bb77e SSTI - Pages splitted by technology 2024-10-23 13:59:18 +02:00
Swissky
97cfeee270 Tools Update 2024-01-21 21:39:23 +01:00
Maximilian Hildebrand
db1357bb3c Added TInjA and the Template Injection Table 
Both are novel tools to help Pentesters / Bug bounty hunters to detect template injections
 2023-12-03 13:15:47 +01:00
2h0ng
34da0e2708 Update Lodash SSTI 
Update Lodash SSTI
 2023-09-02 21:24:59 -04:00
KeoOp
598d2ca3fa Update README.md 2023-06-07 14:15:07 +08:00
Rémi GASCOU (Podalirius)
b3f98adf0c SSTI / jinja2 : Removed dot in lipsum.__globals__.["os"] 2023-05-09 20:15:02 +02:00
Rémi GASCOU (Podalirius)
9c2b040242 Adding Jinja2 RCE through lipsum in Templates 2023-05-09 18:34:35 +02:00
Tom Wilford
c1dc141e13 Added 'passthru' filter exploits 2023-04-28 14:47:59 +01:00
Swissky
a38701a7e2 MOTD + SpEL injection 2023-02-20 17:21:43 +01:00
Alexandre ZANNI
89782643c9 SSTI: add some jinja2 examples 2023-01-28 15:29:54 +01:00
Swissky
ec7c363aba Merge pull request #592 from oddrabbit/patch-1 
Added in Spring Framework SSTI Detection & Exploitation
 2022-12-28 10:55:13 +01:00
Swissky
996c83bb4b Update README.md 2022-12-28 10:54:48 +01:00
Swissky
f318f8bcc0 Update README.md 2022-12-27 18:26:13 +01:00
Aur0ra
29c23ac7fd Update README.md 2022-12-27 18:30:20 +08:00
OddRabbit
b672771a1b Update README.md 2022-10-28 00:07:26 +11:00