2184 Commits

Author SHA1 Message Date
Swissky
d4e6eda4ad Normalize commands, callbacks and references 2026-04-22 15:03:31 +02:00
Swissky
a79b1f5692 Merge pull request #839 from liuwlx/codex/csv-injection-sanitize-references
docs: sanitize CSV injection examples and normalize references
2026-04-22 13:19:14 +02:00
Swissky
87c2862e1a Merge pull request #840 from liuwlx/codex/dependency-confusion-reference-dates
docs: normalize dependency confusion reference dates
2026-04-22 13:18:05 +02:00
lwlzxxz
2b6c1267f7 docs: normalize dependency confusion reference dates 2026-04-22 15:55:41 +08:00
lwlzxxz
06946ade2e docs: sanitize CSV injection examples and normalize references 2026-04-22 15:41:05 +08:00
Swissky
3ca2ecee21 GraphQL update 2026-04-18 17:45:41 +02:00
Swissky
3b069f0334 PTH Web Archive 2026-04-08 23:16:30 +02:00
Swissky
a41ae2c572 Python Path File 2026-04-08 22:56:27 +02:00
Swissky
f695b0a527 Merge pull request #824 from noraj/patch-2
XXE zip recompression tips
2026-03-16 14:57:15 +01:00
Alexandre ZANNI
8847706138 XXE zip recompression tips 2026-03-16 11:49:21 +01:00
Swissky
497fbe925b Archive external reference links via Wayback Machine
Replace direct URLs in Markdown references with their
web.archive.org equivalents to prevent link rot.
2026-03-09 13:02:28 +01:00
Swissky
769b300f4f SQLi Auth Bypass fix example 2026-03-04 19:18:40 +01:00
Swissky
d8e749cdc5 Fix title error 2026-03-02 18:23:58 +01:00
Swissky
ae9c45f474 Fix markdown linter 2026-03-02 18:07:33 +01:00
Swissky
2e32d27e47 Merge pull request #820 from vladko312/master
SSTI and Insecure Deserialization improvements based on the new version of my research
2026-03-02 18:05:30 +01:00
Swissky
b60551efe9 Fix CI/CD markdown 2026-03-02 18:04:20 +01:00
Swissky
3051fc8115 Fix formatting issues in SpEL section of Java.md 2026-03-02 17:58:19 +01:00
Swissky
3c063a8616 Fix formatting for SpEL and OGNL examples in Java.md 2026-03-02 17:57:38 +01:00
Swissky
5c487edc05 Change title to 'Elixir Deserialization' and update content
Updated the title and provided a brief overview of Server-Side Template Injection in Elixir.
2026-03-02 17:52:24 +01:00
Swissky
f99fe06c2f Update Python.md to clarify payload compatibility
Removed note about platform-specific payloads and added information on creating a universal payload using eval.
2026-03-02 17:45:36 +01:00
vladko312
dac581547e SSTI:
- Added Elixir/EEx payloads
- Added OGNL payloads
- Clarified SpEL payloads and details
- Fixed PHP Error-Based payloads
- Added Twig Error-Based payload for CVE-2022-23614
Insecure Deserialization:
- Improved Python payloads
2026-02-22 21:18:54 +03:00
Swissky
10d41d2e7d XS-Leaks 2026-02-16 17:33:43 +01:00
Swissky
0b76ce0737 CSS Injection 2026-02-15 17:52:09 +01:00
Swissky
66ef235835 Merge pull request #818 from HAK3R4LIFE/master
Improve clarity in 2FA bypass documentation
2026-02-02 12:31:27 +01:00
Swissky
019bd50246 Merge pull request #819 from ocnu/patch-typo-fix
Fix small typo in README
2026-02-02 12:30:49 +01:00
ocnu
cc6d580cef docs: fix typo in README
Corrected the spelling of commiting to committing for better readability.
2026-02-01 23:51:39 -06:00
SCPlayz7000
59d03bb7f2 Improve clarity in 2FA bypass documentation
Corrected grammar and phrasing in the 2FA bypass documentation for clarity.
2026-02-01 14:32:56 -06:00
Swissky
50b8eb957f Merge pull request #815 from pgoslatara/actup/update-actions-1768915364
chore: Update outdated GitHub Actions versions
2026-01-21 18:39:35 +01:00
Padraic Slattery
13aaddf0d2 chore: Update outdated GitHub Actions versions 2026-01-20 14:22:44 +01:00
Swissky
a711494a64 Merge pull request #812 from vladko312/master
New SSTI payloads for Error-Based and Boolean-Based techniques
2026-01-03 22:51:40 +01:00
Swissky
08b5c4c868 Unordered list style [Expected: dash; Actual: asterisk] 2026-01-03 22:50:37 +01:00
vladko312
bec6524774 SSTI:
- Fixed NodeJS payloads
2026-01-03 23:19:26 +03:00
vladko312
09a5f07345 SSI, SSTI:
- Improved MarkDown
2026-01-03 22:20:19 +03:00
Vladislav Korchagin
4831e36fb8 Merge branch 'master' into master 2026-01-03 19:06:57 +03:00
Swissky
45661ef925 Merge pull request #809 from HackingRepo/patch-2
Update README with URL parsing examples
2026-01-03 16:57:44 +01:00
Swissky
cd548698eb Reverse Proxy Misconfigurations markdown linting 2026-01-03 16:52:21 +01:00
Swissky
b890ac4c9d Merge pull request #813 from MegaManSec/master
add gixy-next
2026-01-03 16:48:55 +01:00
Swissky
2c2552d1fe Update Gixy-Next link in README.md 2026-01-03 16:48:14 +01:00
vladko312
abbbf2fc95 SSTI:
- Fixed NodeJS payloads
2026-01-03 18:43:24 +03:00
Swissky
d345536ff4 Fix markdown linting 2026-01-03 15:47:05 +01:00
Swissky
41f2f96509 Merge pull request #808 from Brum3ns/master
Updated SSTI with novel obfuscation payloads
2026-01-03 15:44:38 +01:00
Joshua Rogers
bb325561a1 add gixy-next 2026-01-03 23:34:47 +11:00
vladko312
7fb2ff75d7 SSI:
- Added SSTImap to the tools, as it now supports SSI detection and exploitation
SSTI:
- Added description for known detection and exploitation techniques
- Added payloads for universal detection
- Added universal payloads for different languages
- Added Error-Based and Boolean-Based payloads
- Moved SpEL payloads using `T()` to the correct category
- Moved Pug payloads to the correct language and updated info to reflect the actual name
2026-01-03 05:20:04 +03:00
Swissky
bd72827e58 ORM leak lint + crapsecret 2026-01-02 19:46:23 +01:00
RelunSec
c975f61fa0 Fix typo in README regarding URL formatting 2025-12-19 07:48:57 -08:00
RelunSec
09bdd83685 Update README with URL parsing examples
Added examples of URL formats and parser behaviors.
2025-12-18 23:41:37 -08:00
brumens
a957c3f96d Fixed markdown linting 2025-12-15 11:30:06 +01:00
Swissky
39da0328b8 Indicators for deserialization 2025-12-12 11:32:33 +01:00
Swissky
ba62eed782 SQLite extensions 2025-12-07 19:52:51 +01:00
brumens
5f1a39d272 Added author to research reference 2025-12-03 14:09:02 +01:00