mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 10:26:09 +00:00
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
bountybugbountybypasscheatsheetenumerationhackinghacktoberfestmethodologypayloadpayloadspenetration-testingpentestprivilege-escalationredteamsecurityvulnerabilityweb-application
CRLF injection | ||
CSV injection | ||
CVE Shellshock Heartbleed | ||
Open redirect | ||
PHP include | ||
PHP juggling type | ||
PHP serialization | ||
Remote commands execution | ||
SQL injection | ||
SSRF injection | ||
Tar commands execution | ||
Traversal directory | ||
Upload insecure files | ||
XSS injection | ||
XXE files | ||
README.md |
Payloads All The Things
A list of usefull payloads and bypasses for Web Application Security Feel free to improve with your payloads (I <3 pull requests) :)
To improve:
- RCE
- SQL injection
- XXE
- SSRF
- Upload
- Tar command exec
- Traversal Directory
- XSS
- PHP Include
- CSV Injection
- PHP Serialization