gitea-mirror/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2026-01-03 08:17:11 -08:00
Code Issues Packages Projects Releases Wiki Activity
36 Commits 2 Branches 7 Tags
a39a10f175ccb7f66490db5ea3044379f31ebd22
Go to file
Clone
Open with VS Code
Download ZIP Download TAR.GZ Download BUNDLE
swisskyrepo a39a10f175 SQL injection - added some bypass
2016-12-04 20:26:42 +07:00
AWS Amazon Bucket S3
AWS added, XSS and methodology update
2016-11-11 16:03:35 +07:00
CRLF injection
Enumeration added and improvement for CRLF/XSS/SQL
2016-11-02 20:26:00 +07:00
CSV injection
Fix in juggling type + CSV injection
2016-10-20 10:50:12 +07:00
CVE Shellshock Heartbleed
CVE Heartbleed and Shellshcok added
2016-10-20 09:54:29 +07:00
NoSQL injection
NOSQL injection added + updates XSS/XXE
2016-10-30 18:53:32 +07:00
OAuth
XSS,SQL OAuth Updated
2016-12-04 01:03:59 +07:00
Open redirect
Clean project - Renamed and added PHP juggling type
2016-10-20 10:22:24 +07:00
PHP include
Methodology added, XSS payloads updated,little fix
2016-11-06 12:42:50 +07:00
PHP juggling type
Fix in juggling type + CSV injection
2016-10-20 10:50:12 +07:00
PHP serialization
PHP object injection
2016-10-20 11:02:19 +07:00
Remote commands execution
Updated XSS,SQL,RCE
2016-11-17 10:50:34 +07:00
SQL injection
SQL injection - added some bypass
2016-12-04 20:26:42 +07:00
SSRF injection
Clean project - Renamed and added PHP juggling type
2016-10-20 10:22:24 +07:00
Tar commands execution
Clean project - Renamed and added PHP juggling type
2016-10-20 10:22:24 +07:00
Traversal directory
Traversal Dir files + Updates XSS
2016-10-21 06:12:00 +07:00
Upload insecure files
Clean project - Renamed and added PHP juggling type
2016-10-20 10:22:24 +07:00
XSS injection
XSS,SQL OAuth Updated
2016-12-04 01:03:59 +07:00
XXE injections
XXE renamed, little updates in SQL/Include + enum
2016-11-03 23:56:15 +07:00
.gitignore
Methodology added, XSS payloads updated,little fix
2016-11-06 12:42:50 +07:00
Methodology_and_enumeration.md
AWS added, XSS and methodology update
2016-11-11 16:03:35 +07:00
README.md
XSS,SQL OAuth Updated
2016-12-04 01:03:59 +07:00

README.md

Payloads All The Things

A list of usefull payloads and bypasses for Web Application Security Feel free to improve with your payloads and techniques ! I <3 pull requests :)

Last modifications :

  • XSS paylods improved
  • OAuth vulnerabilities added
  • AWS Bucket added
  • SQL payloads updated

Tools

More resources

Book's list:

Blogs/Websites

Reference in New Issue View Git Blame Copy Permalink
Description
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
bountybugbountybypasscheatsheetenumerationhackinghacktoberfestmethodologypayloadpayloadspenetration-testingpentestprivilege-escalationredteamsecurityvulnerabilityweb-application
Readme MIT 42 MiB
Languages
Python 83.8%
Ruby 6.3%
ASP.NET 3.8%
XSLT 2.6%
Classic ASP 1.4%
Other 1.9%