A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
2017-05-01 22:40:36 +02:00
AWS Amazon Bucket S3 AWS added, XSS and methodology update 2016-11-11 16:03:35 +07:00
CRLF injection Enumeration added and improvement for CRLF/XSS/SQL 2016-11-02 20:26:00 +07:00
CSV injection Fix in juggling type + CSV injection 2016-10-20 10:50:12 +07:00
CVE Shellshock Heartbleed CVE Heartbleed and Shellshock added 2016-10-20 09:54:29 +07:00
Git Svn insecure files README update : more books and tools 2017-04-08 15:59:40 +02:00
NoSQL injection NOSQL injection added + updates XSS/XXE 2016-10-30 18:53:32 +07:00
OAuth XSS,SQL OAuth Updated 2016-12-04 01:03:59 +07:00
Open redirect Clean project - Renamed and added PHP juggling type 2016-10-20 10:22:24 +07:00
PHP include Methodology added, XSS payloads updated,little fix 2016-11-06 12:42:50 +07:00
PHP juggling type Fix in juggling type + CSV injection 2016-10-20 10:50:12 +07:00
PHP serialization PHP object injection 2016-10-20 11:02:19 +07:00
Remote commands execution RCE Time based : Data extraction 2017-03-03 21:41:00 +01:00
SQL injection SQLite injection update-Extract table/column name 2017-02-21 09:16:51 +01:00
SSRF injection Minor Updates in SQL-SSRF-XSS 2017-01-07 20:51:47 +01:00
Tar commands execution Clean project - Renamed and added PHP juggling type 2016-10-20 10:22:24 +07:00
Template injections Add Template injections + Jinja template injection 2017-04-01 18:53:43 +03:00
Traversal directory Traversal Dir files + Updates XSS 2016-10-21 06:12:00 +07:00
Upload insecure files Methodo, SQL,RCE,XSS,XXE updated 2016-12-20 19:46:06 +01:00
Web cache deception Typo fix in Web cache 2017-02-27 20:06:40 +01:00
XSS injection XSS Payload - bypass document blacklisted keyword 2017-03-02 17:39:15 +01:00
XXE injections Methodo, SQL,RCE,XSS,XXE updated 2016-12-20 19:46:06 +01:00
.gitignore Methodology added, XSS payloads updated,little fix 2016-11-06 12:42:50 +07:00
Methodology_and_enumeration.md Methodology updated - Dorks, Subdomains, Nmap 2017-05-01 22:40:36 +02:00
README.md Methodology updated - Dorks, Subdomains, Nmap 2017-05-01 22:40:36 +02:00

Payloads All The Things

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques! I <3 pull requests :)

Tools

Docker

More resources

Book list:

Blogs/Websites

Youtube

Practice

Bug Bounty