Commit Graph

2015 Commits

Author SHA1 Message Date
Swissky
70f38d5678 Payloads - Quick fix 2018-02-23 13:48:51 +01:00
Swissky
b87c3fd7ff Traversal Dir + NoSQL major updates + small addons 2018-02-15 23:27:42 +01:00
Swissky
40fa20ec63
Merge pull request #13 from soffensive/master
Added payloads to detect more reliably blind NoSQL injection
2018-01-26 20:14:51 +01:00
soffensive
4892dc6577 Further payload added 2018-01-26 13:31:52 +01:00
soffensive
be12684bc0 Added payload to detect more reliably blind NoSQL injection 2018-01-26 13:28:57 +01:00
Swissky
3793d91fd4 Mimikatz + Credential Windows + XXE update 2017-12-06 20:40:29 +01:00
Swissky
2c048f7b52 SSRF Ip script + DDL & Execute Windows 2017-11-24 09:57:48 +01:00
Swissky
fea88a5738 SVG XSS + SSRF enclosed alphanumerics 2017-11-19 14:01:36 +01:00
Swissky
f740d8e825 MySQL - Code exec 2017-11-09 09:05:50 +01:00
Swissky
edd5f3601f File inclusion - more intruders 2017-10-21 16:48:17 +02:00
Swissky
6b1c98010d Merge pull request #10 from melvinsh/master
Add CSRF to OAuth2
2017-10-16 09:55:31 +02:00
Melvin Lammerts
59971e95d2 Add CSRF to OAuth2
Not sure if it qualifies as a _payload_ but I'll let you be the judge of that :)
2017-10-16 08:41:43 +02:00
Swissky
d16aec6f6a Tomcat CVE-2017-12617 2017-10-10 10:19:14 +02:00
Swissky
a2d5fe5cad Upload .htaccess to PHP code exec 2017-10-09 23:17:31 +02:00
Swissky
6ad7965efc SSRF AWS + Shell.php{3,4,5,7} 2017-09-27 14:37:07 +02:00
Swissky
87ef554e40 LFI to RCE via input:// stream 2017-09-24 00:37:56 +02:00
Swissky
3e6043be32 LFI - PHPSessid technique, more bypass and files 2017-09-24 00:32:55 +02:00
Swissky
278a130940 Command Exec - ``, $() and more bypasses 2017-09-23 23:30:40 +02:00
Swissky
e7cb8a2ce1 SSRF - Gopher Protocol 2017-09-19 20:35:18 +02:00
Swissky
1ca215d5d7 Multiple update - LFI/RCE via phpinfo, Struts2 v2 2017-09-13 23:55:29 +02:00
Swissky
c36d31ec5d LFI via /proc/*/fd + upload 2017-08-15 02:37:09 +02:00
Swissky
901d279fb3 RCE no {}, no space 2017-08-13 16:35:12 +02:00
Swissky
9adb81e6d8 SSRF URL Scheme + XXE Soap 2017-08-07 21:42:14 +02:00
Swissky
91e3c6906c Merge pull request #7 from rakeshmane/master
Update README.md
2017-08-07 19:29:35 +02:00
Rakesh Mane
6e42b617cc Update README.md 2017-08-07 21:22:36 +05:30
Swissky
dad26ce5e5 More Burp Intruder file - SQLi + Path traversal + XSS 2017-08-06 01:12:41 +02:00
Swissky
694b980817 Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings 2017-08-03 21:36:38 +02:00
Swissky
635b9f87f7 Reverse Shell Cheatsheet 2017-08-03 21:35:43 +02:00
Swissky
9c9e1cc082 Merge pull request #6 from unl1k3ly/patch-1
Update README.md
2017-08-01 11:43:11 +02:00
unl1k3ly
be624c99ca Update README.md
check bucket disk size
2017-08-01 08:37:04 +10:00
Swissky
af48fc1ed4 More intruders folder - for BurpSuite 2017-07-30 13:42:32 +02:00
Swissky
8a3693855f XSS Intruder + Eicar + SSRF http://0 2017-07-30 13:17:00 +02:00
Swissky
064467ecfc SSTI + XSS Flash 2017-07-16 16:30:08 +02:00
Swissky
77e2fc8226 LDAP & XPATH injection + Small fixes and payloads 2017-07-14 23:40:31 +02:00
Swissky
9907a55c24 Image Magick - More payloads 2017-07-09 17:16:42 +02:00
Swissky
c4b49fa5ac Open Redirect Payloads updated 2017-07-06 21:02:19 +02:00
Swissky
6070ece522 Symbolic Link Zip + SQL injection ORDER BY 2017-07-04 23:17:59 +02:00
Swissky
a1fbd41bbb Wrapper PHP inclusion updated 2017-07-02 23:10:34 +02:00
Swissky
ab63a537e7 FFMpeg injection - Bypass and explanation 2017-06-28 22:45:36 +02:00
Swissky
240e46e1e1 XXE via DTD and PHP Filter 2017-06-28 21:43:30 +02:00
Swissky
43f8367df0 Update Image Tragick payloads 2017-06-28 11:23:16 +02:00
Swissky
220e9cb8bd FFMpeg HLS - read passwd/shadow 2017-06-26 21:32:10 +02:00
Swissky
d97cb891df AWS Bucket : Listings open bucket/reading and access 2017-06-18 18:42:12 +02:00
Swissky
f131aebce4 SSRF updates and methodology aquatone tool 2017-06-17 23:20:24 +02:00
Swissky
7c865ab8aa CVE Struts RCE + AWS ls + RCE spaceless Windows + Methodology updated 2017-06-05 14:57:28 +02:00
Swissky
2e75cbe25a Git insecure files renamed + svn method added 2017-06-04 17:58:09 +02:00
Swissky
94470a2544 More payloads for XSS/SQL/LFI/Upload and XXE 2017-06-04 17:22:26 +02:00
Swissky
58aed12c9d CRLF injection updated 2017-05-29 20:41:05 +02:00
Swissky
e89e4fd312 Methodology updated with RPCClient, User enumeration 2017-05-17 20:40:45 +02:00
Swissky
62f686dc1f Methodology updated - Dorks, Subdomains, Nmap 2017-05-01 22:40:36 +02:00