Vunnm
273da9e1b5
Add JSON simple with form
...
Add JSON simple paylaod with autosubmit form. Using autosubmit form instead of AJax, allow to bypass some protection like the Standard Enhanced Tracking Protection in Firfefox, which will refuse to send cookie with cross-site Ajax request (tested with Firefox 115.0.2esr),.
2023-08-05 14:39:33 +02:00
Swissky
d642e97d8d
Merge pull request #661 from emmanuel-ferdman/wip
...
fix: broken link on AWS Amazon Bucket S3 page
2023-07-26 14:20:27 +02:00
Emmanuel Ferdman
20b8870123
fix: broken link on AWS Amazon Bucket S3 page
...
Signed-off-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
2023-07-26 15:09:56 +03:00
Swissky
e366ef9a13
Merge pull request #660 from yanncam/master
...
Added precision on the format, generation and breaking of NetNTLMv1
2023-07-25 15:28:12 +02:00
Yann CAM (ycam)
e80702d599
More details on NetNTLMv1 + typos
...
More details on NetNTLMv1 + typos
2023-07-25 11:31:35 +02:00
Yann CAM (ycam)
4336cb1fd5
Update NetNTLMv1 breaking methodology
...
Add SHuck.Sh/ShuckNT process and details.
2023-07-25 11:11:36 +02:00
Swissky
b715364547
Fix typo
2023-07-18 22:19:29 +02:00
Swissky
52ef85a830
WebSocket Tools
2023-07-18 22:17:51 +02:00
Swissky
fbc43be79f
Merge pull requests
2023-07-18 18:24:14 +02:00
Swissky
87e6f55e16
Error Based XXE - Local DTD
2023-07-18 18:23:34 +02:00
Swissky
359b9b435e
Merge pull request #659 from preemptible/patch-1
...
Update BOOKS.md
2023-07-18 10:21:23 +02:00
Swissky
3de6c41823
Merge pull request #658 from NaxnN/patch-2
...
Update SQLite Injection.md
2023-07-18 10:20:20 +02:00
preemptible
6d12abb4ec
Update BOOKS.md
...
I added 'black hat Rust', a great book in my humble opinion.
2023-07-18 11:16:36 +03:00
KeoOp
d5f85f13d5
Update SQLite Injection.md
...
add "group_concat" so that all tables can be extracted once when the query only returns the first item
2023-07-16 23:44:00 +08:00
Swissky
cd19bb9409
Business Logic Errors + Mass Assignment
2023-07-09 13:01:03 +02:00
Swissky
b68ce28c4b
Open Redirect + SSI Injection
2023-07-08 10:09:59 +02:00
Swissky
86e246dd03
Prototype Pollution
2023-07-07 23:10:33 +02:00
Swissky
0a75beeccd
Merge pull request #652 from clem9669/master
...
Update README.md for Latex injection
2023-06-29 12:27:22 +02:00
clem9669
fa3cf25c55
Update README.md
2023-06-29 10:19:14 +00:00
Swissky
f723ef4878
Merge pull request #651 from JLLeitschuh/patch-3
...
Add new AWS IPv6 SSRF Endpoint
2023-06-29 10:59:10 +02:00
Swissky
9711417161
Update README.md
2023-06-29 10:59:02 +02:00
Swissky
a8161ef48c
Merge pull request #650 from Xhoenix/master
...
update ssrf payloads
2023-06-29 10:41:31 +02:00
Jonathan Leitschuh
bb3f865e10
Add new AWS IPv6 SSRF Endpoint
...
Documentation: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/instancedata-data-retrieval.html
2023-06-28 18:51:53 -04:00
Jitendra Patro
384f54af54
Merge branch 'swisskyrepo:master' into master
2023-06-28 15:51:00 +05:30
Jitendra Patro
391b18cf20
update bypass localhost with [::] payloads
2023-06-28 15:50:43 +05:30
Swissky
70396ec71d
Merge pull request #649 from MotiHarmats/patch-1
...
Add CI/CD payloads
2023-06-28 10:26:10 +02:00
Swissky
ec11a14e4e
Merge pull request #648 from mpgn/master
...
Use new offical CME repository
2023-06-28 10:18:55 +02:00
MotiHarmats
de8d4796af
Add CI/CD payloads
2023-06-28 11:15:58 +03:00
mpgn
35b0d672f0
Use new offical CME repository
2023-06-28 10:12:15 +02:00
Swissky
113afae290
AWS EC2 Metadata + SSSD token deobfuscate
2023-06-27 15:45:29 +02:00
Swissky
5ddd8e04da
MSSQL - Stacked Queries Delimiters
2023-06-25 00:02:54 +02:00
Swissky
e9c1ce1c09
AWS Key Patterns
2023-06-22 19:03:06 +02:00
Swissky
fc36b38430
DOM Clobbering
2023-06-10 20:08:23 +02:00
Swissky
726de9e9b2
Merge pull request #645 from azurit/ssrflocalhost
...
SSRF: bypass using IPv6/IPv4 Address Embedding
2023-06-09 10:48:54 +02:00
Swissky
10df57a531
Type Juggling
2023-06-09 10:46:54 +02:00
Swissky
de6e91657d
Type Juggling - Loose Comparison and Exploit
2023-06-09 10:45:45 +02:00
Swissky
f0d02d2414
Merge pull request #647 from noraj/patch-1
...
xxe - go secure workshop
2023-06-08 11:09:10 +02:00
Swissky
aba6f1e731
Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings
2023-06-08 11:07:39 +02:00
Swissky
93fa4df7cd
Prompt Injection
2023-06-08 11:06:37 +02:00
Alexandre ZANNI
3e8a39a87d
xxe - go secure workshop
2023-06-08 10:14:35 +02:00
Swissky
e17b6e1ac4
Merge pull request #646 from NaxnN/patch-1
...
Update SSTI README.md
2023-06-07 09:46:59 +02:00
KeoOp
598d2ca3fa
Update README.md
2023-06-07 14:15:07 +08:00
Swissky
b8c803717a
WDAC Policy Removal + SSRF domains
2023-05-31 14:18:25 +02:00
azurit
226569b753
Update README.md
2023-05-21 14:54:42 +02:00
Swissky
f85f2cb4c6
Merge pull request #644 from rdbo/patch-1
...
Fixed typos on README.md
2023-05-18 13:32:58 +02:00
Rdbo
83b2d80a56
fixed typos
2023-05-18 01:58:36 +00:00
Swissky
0a07e07d00
Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings
2023-05-15 19:23:58 +02:00
Swissky
6adfe5d865
GraphQL Batching Attacks
2023-05-15 19:23:07 +02:00
Swissky
af4ade2a44
Merge pull request #643 from p0dalirius/patch-2
...
SSTI / jinja2 : Removed dot in lipsum.__globals__.["os"]
2023-05-09 20:16:05 +02:00
Rémi GASCOU (Podalirius)
b3f98adf0c
SSTI / jinja2 : Removed dot in lipsum.__globals__.["os"]
2023-05-09 20:15:02 +02:00