ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-19 02:46:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
304 Commits 2 Branches 6 Tags 31 MiB
e36b15a6d7
Commit Graph

64 Commits

Author SHA1 Message Date
Swissky
6d2cd684fa Web cache deception resources update 2019-03-01 17:49:19 +01:00
Infected Drake
4187f87d0d
Added a new bypass variant + fixed a payload 2019-02-20 11:17:49 +05:30
Anton Lopanitsyn
200a2d38d8
Fix fake xss 
Actually, is not XSS.

Running scripts like <a href="data:text/html,<script>alert(location.origin)</script>">clickme</a> have location.origin "null".
 2019-02-11 09:34:13 +03:00
Swissky
22c82cb277
Merge pull request #35 from noraj/patch-1 
XSS using base64 encoded href data in a link
 2019-01-17 19:54:37 +01:00
Swissky
0070ac5dc4 Phar PHP shell files 2019-01-10 22:36:30 +01:00
Alexandre ZANNI
c7a292c19d
XSS using base64 encoded href data in a link 2019-01-10 18:24:43 +01:00
Swissky
ea0bddc18a Windows RCE wildcard + XSS UI redressing 2019-01-08 20:49:05 +01:00
Swissky
8b39647de6 AWS S3 and Open redirect rewritten 2018-12-29 13:05:29 +01:00
Swissky
82d4ff6c1d References added based on @ngalongc bug-bounty-references 2018-12-25 16:10:15 +01:00
Swissky
a6475a19d9 Adding references sectio 2018-12-24 15:02:50 +01:00
Swissky
b4aff1a826 Architecture - Files/Intruder/Images and README + template 2018-12-23 00:45:45 +01:00
Swissky
928a454531 Blind XSS endpoint + SSRF Google + Nmap subdomains 2018-11-25 15:44:17 +01:00
Swissky
a0f8e846fa Blind XSS - XSS Hunter, Sleepy Puppy etc 2018-11-18 15:37:01 +01:00
omer citak
081df9b24d
add new attack patterns from Daniel miessler 
https://github.com/danielmiessler/SecLists/edit/master/Fuzzing/Polyglots/XSS-Polyglots.txt
new attack patterns: line 1, 2, 3.
 2018-11-16 14:45:51 +03:00
Swissky
af9abc6592 More CVE - RCE : Jenkins, JBoss, WebLogic, WebSphere 2018-11-15 23:13:08 +01:00
Swissky
ddfdc51e68 Credit fix - WAF bypass 2018-11-09 12:43:30 +01:00
Swissky
86db6b7f6f Polyglot XSS from @filedescriptor's Polyglot Challenge 2018-10-31 23:41:11 +01:00
Swissky
4b7fe437a5 LDAP userPassword attribute 2018-10-31 22:34:10 +01:00
Swissky
add00c7357 JWT JSON Web Token + SSI files 2018-10-29 22:22:10 +01:00
Swissky
f1eefd2722 Script Docker RCE 2018-10-18 17:32:01 +02:00
Swissky
cce0444245 SQL injection - Intruders payloads 2018-09-21 18:44:32 +02:00
Swissky
2a080f82e6 Cassandra SQL + XSS MD + PHP Type Juggling 2018-09-10 20:40:43 +02:00
Swissky
90f4c3634e PDF JS 2018-09-06 20:28:30 +02:00
Swissky
64e577b650 CSP bypass fix link 2018-09-01 15:38:57 +02:00
Swissky
fe52b32af8 XSS CSP Bypass + PostgreSQL read/write 2018-09-01 15:36:33 +02:00
Swissky
cfbe1a4469 SSRF Docker & Kubernetes 2018-08-19 16:32:26 +02:00
Swissky
e11339e669 Markdown formatting - Part 3 2018-08-13 13:07:37 +02:00
Swissky
b87e14a0ed Markdown formatting - Part 2 2018-08-13 12:01:13 +02:00
Swissky
65654f81a4 Markdown formatting update 2018-08-12 23:30:22 +02:00
Swissky
177c12cb79 Multiple update in READMEs + RCE tricks 2018-08-12 00:17:58 +02:00
Swissky
644724396f LaTeX display code + XSS location alternative 2018-08-01 21:19:18 +02:00
Isopach
8e26277407
Update README.md 
Correct misspelling
 2018-07-31 18:02:38 +09:00
Swissky
4a0fc27578 XSS Colors highlighting + JS code eval 2018-06-27 20:00:17 +02:00
Swissky
e6b5dfa3de Fix README broken links 2018-03-25 23:51:22 +02:00
Swissky
d1f6e8397d Refactoring XSS 0/? 2018-03-23 13:53:53 +01:00
Swissky
30019235f8 SQLmap tips + Active Directory attacks + SQLite injections 2018-03-12 09:17:31 +01:00
Swissky
70f38d5678 Payloads - Quick fix 2018-02-23 13:48:51 +01:00
Swissky
b87c3fd7ff Traversal Dir + NoSQL major updates + small addons 2018-02-15 23:27:42 +01:00
Swissky
fea88a5738 SVG XSS + SSRF enclosed alphanumerics 2017-11-19 14:01:36 +01:00
Swissky
edd5f3601f File inclusion - more intruders 2017-10-21 16:48:17 +02:00
Swissky
1ca215d5d7 Multiple update - LFI/RCE via phpinfo, Struts2 v2 2017-09-13 23:55:29 +02:00
Rakesh Mane
6e42b617cc Update README.md 2017-08-07 21:22:36 +05:30
Swissky
dad26ce5e5 More Burp Intruder file - SQLi + Path traversal + XSS 2017-08-06 01:12:41 +02:00
Swissky
8a3693855f XSS Intruder + Eicar + SSRF http://0 2017-07-30 13:17:00 +02:00
Swissky
064467ecfc SSTI + XSS Flash 2017-07-16 16:30:08 +02:00
Swissky
94470a2544 More payloads for XSS/SQL/LFI/Upload and XXE 2017-06-04 17:22:26 +02:00
Swissky
eecfc69c08 XSS Payload - bypass document blacklisted keyword 2017-03-02 17:39:15 +01:00
Swissky
23f00b55d5 Update SQL injection with Information.schema alternatives 2017-02-06 09:50:13 +01:00
Swissky
c9e13fcc36 XSS Unicode update 2017-01-21 15:38:47 +01:00
swisskyrepo
b01c249da8 Update XSS with AngularJS Bypass 1.1.0 to 1.6.0 2017-01-15 19:14:39 +01:00