lshep-bf
3b957de607
Update Python deserialization documentation and add unit test
...
Add more examples and sections to `Insecure Deserialization/Python.md` and create a new test file `test_python_md.py`.
* **Insecure Deserialization/Python.md**:
  - Add examples of vulnerable code snippets and their secure alternatives for `pickle` and `PyYAML`.
  - Include a section on common pitfalls and how to avoid them when using deserialization in Python.
  - Provide a list of tools and libraries that can help detect and prevent insecure deserialization in Python applications.
  - Add references to relevant documentation, articles, and research papers for further reading.
  - Include a section on how to test for insecure deserialization vulnerabilities in Python applications, including both manual and automated testing techniques.
* **test_python_md.py**:
  - Import the `unittest` and `re` modules.
  - Create a test case that reads the `Insecure Deserialization/Python.md` file.
  - Extract the Python code blocks from the markdown file.
  - Execute each code block and check for any exceptions.
---
For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/swisskyrepo/PayloadsAllTheThings?shareId=XXXX-XXXX-XXXX-XXXX ).
2025-01-20 14:42:00 -08:00
Swissky
ddad93a1d2
System prompt + Arg injection + Disclaimer
2025-01-14 22:26:29 +01:00
Swissky
38716075f0
Books update
2024-12-01 12:52:11 +01:00
Swissky
e42edaab74
Learning and Socials updates
2024-12-01 12:18:45 +01:00
Swissky
32d9f7550d
XPATH + XSS + XXE + XSLT
2024-11-30 21:14:51 +01:00
Swissky
8c09568cb2
Regex + SSRF
2024-11-30 19:48:32 +01:00
Swissky
8b27a177c2
Indirect Prompt Injection
2024-11-29 23:39:17 +01:00
Swissky
29f46934ac
NoSQL + Open Redirect
2024-11-29 22:08:58 +01:00
Swissky
6795bee1c4
LDAP + LaTeX + Management Interface
2024-11-29 18:09:59 +01:00
Swissky
801aecb2ba
GraphQL + HPP
2024-11-29 13:49:54 +01:00
Swissky
e6466b4cf9
LFI/RFI pages
2024-11-29 11:52:51 +01:00
Swissky
a16f8a6de1
Path Traversal + CSV Injection
2024-11-28 21:36:01 +01:00
Swissky
57f7c8ddad
ViewState Java
2024-11-27 15:29:33 +01:00
Swissky
9425cec068
Handlebars - Basic Injection
2024-11-25 18:42:36 +01:00
Swissky
6bfad6a84d
SSTI - SpEL
2024-11-25 13:56:29 +01:00
Swissky
35109b4154
CORS and CRLF updates
2024-11-24 13:44:55 +01:00
Swissky
4e03772f4a
API Key rework
2024-11-18 18:26:58 +01:00
Swissky
0108d01571
Edge Side Inclusion
2024-11-18 16:51:28 +01:00
Swissky
98cfc9ce8c
XXE Error Based Local DTD
2024-11-18 12:41:35 +01:00
Swissky
846706b87d
XXE on JSON Endpoints
2024-11-18 10:43:39 +01:00
Swissky
9932059563
YAML Deserialization
2024-11-17 20:48:10 +01:00
Swissky
b98f8ca587
DB2 Injection updates
2024-11-17 18:37:07 +01:00
Swissky
3c5bab0338
SQL - File Manipulation and Error Based Injection
2024-11-16 18:49:01 +01:00
Swissky
9a908a15d2
MSSQL, OracleSQL, PostgreSQL Substring Equivalent
2024-11-16 15:35:43 +01:00
Swissky
67af38aa4e
SQL Injections - Updates for MSSQL, Oracle, PostgreSQL
2024-11-15 23:56:04 +01:00
Swissky
f57d0813ca
SQL - MySQL Page Cleanup
2024-11-15 18:42:58 +01:00
Swissky
cde11da0c7
SQL Injection - Methodology
2024-11-15 14:48:58 +01:00
Swissky
8bc33f8bb7
Fix markdown style issues in Account Takeover
2024-11-13 15:30:33 +01:00
Swissky
a6b3b9dd05
CONTRIBUTING page updates - adding rules
2024-11-13 14:24:09 +01:00
Swissky
f333d48960
Fix invalid spaces indents
2024-11-13 14:08:26 +01:00
Swissky
dc349c10c3
Update _template_vuln page
2024-11-13 13:39:19 +01:00
Swissky
d6ce9cd317
Github Action - Markdown Linting for PR
2024-11-13 12:29:42 +01:00
Swissky
118924f291
Challenges added for CRLF, Command Injection, File Inclusion
2024-11-12 19:01:34 +01:00
Swissky
0a5ecc407c
Normalize page header for Web Socket, XSLT, XSS, XXE
2024-11-10 21:15:44 +01:00
Swissky
48a4e5c95b
Normalize page header for SQLi, Upload, Cache Deception
2024-11-10 20:49:52 +01:00
Swissky
a338b2f12a
Normalize page header for SSTI, SAML, SSI
2024-11-10 19:14:16 +01:00
Swissky
1a3e605d64
Normalize page header for JWT, LDAP, LaTeX, OAuth, ORM
2024-11-10 15:28:12 +01:00
Swissky
2304101657
Normalize page header for GraphQL, Deserialization, SCM
2024-11-10 14:37:48 +01:00
Swissky
2deb20a6f1
Normalize page header for CSRF, DNS, DOS, Dependencies
2024-11-10 11:18:46 +01:00
Swissky
d80f73a829
Normalize page header for API, CSPT, CORS, CSRF
2024-11-09 23:01:39 +01:00
Swissky
c82cd6408a
Renaming Subdomain Enumeration to Web Attack Surface
2024-11-09 12:38:35 +01:00
Swissky
70fb63a9bf
Merge pull request #756 from Fisjkars/patch-1
...
Add CVE-2023–5123 in CSPT2CSRF real world scenario
2024-11-08 22:20:45 +01:00
Swissky
4f0e6334bd
References updated for XSS + page split into subcategories
2024-11-08 18:23:43 +01:00
Maxime Escourbiac
5c60cd7b61
Add CVE-2023–5123 in CSPT2CSRF real world scenario
2024-11-08 15:09:08 +01:00
Swissky
37641d2b9e
References updated for XPATH, XSLT, XXE, Web Socket
2024-11-07 23:50:30 +01:00
Swissky
b2bb1df9a9
References added for SQLi, Upload, SSTI, Type Juggling
2024-11-07 20:54:16 +01:00
Swissky
ffa5ea764a
Merge pull request #755 from n3rada/patch-1
...
PostgreSQL privilege list update
2024-11-07 18:42:46 +01:00
Swissky
df8d4d7f27
References updated for SAML, SSI, SSRF
2024-11-07 18:31:21 +01:00
Swissky
9ed40edfca
References updated for NoSQL, OAuth, ORM, Prompt, RegEx
2024-11-07 16:20:58 +01:00
n3rada
a590290016
PostgreSQL privilege list update
2024-11-07 15:12:58 +01:00