A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Go to file
2016-10-19 23:39:07 +07:00
CRLF CRLF Payload 2016-10-18 15:15:43 +07:00
CSV_Injection Init directory with README 2016-10-18 15:01:56 +07:00
Open_Redirect Open Redirect Payloads 2016-10-18 15:41:18 +07:00
PHP_Serialization XXE payloads 2016-10-18 14:06:10 +07:00
RCE MySQL Payloads 2016-10-18 13:39:17 +07:00
SQL_Injection MySQL Payloads 2016-10-18 13:39:17 +07:00
SSRF SSRF payloads 2016-10-18 14:54:41 +07:00
TAR_Code_Exec Tar command exec 2016-10-18 18:36:18 +07:00
Traversal_Directory Traversal Directory payloads 2016-10-19 07:51:24 +07:00
Upload Upload payloads 2016-10-18 18:13:23 +07:00
XSS XSS payloads 2016-10-19 23:39:07 +07:00
XXE XXE payloads 2016-10-18 14:06:10 +07:00
README.md XSS payloads 2016-10-19 23:39:07 +07:00

Payloads All The Things

A list of usefull payloads and bypasses for Web Application Security

TODO:

  • PHP Include
  • PHP Serialization
  • CSV Injection

To improve:

  • RCE
  • SQL injection
  • XXE
  • SSRF
  • Upload
  • Tar command exec
  • Traversal Directory
  • XSS

TODO v2:

  • Remove "_" in dir name

/!\ Work in Progress : 40%