mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-19 10:56:10 +00:00

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

bounty bugbounty bypass cheatsheet enumeration hacking hacktoberfest methodology payload payloads penetration-testing pentest privilege-escalation redteam security vulnerability web-application

Go to file

swisskyrepo c73124a79d Enumeration added and improvement for CRLF/XSS/SQL		2016-11-02 20:26:00 +07:00
CRLF injection	Enumeration added and improvement for CRLF/XSS/SQL	2016-11-02 20:26:00 +07:00
CSV injection	Fix in juggling type + CSV injection	2016-10-20 10:50:12 +07:00
CVE Shellshock Heartbleed	CVE Heartbleed and Shellshcok added	2016-10-20 09:54:29 +07:00
NoSQL injection	NOSQL injection added + updates XSS/XXE	2016-10-30 18:53:32 +07:00
Open redirect	Clean project - Renamed and added PHP juggling type	2016-10-20 10:22:24 +07:00
PHP include	Fix SVG payload - with a trick :X	2016-10-25 00:18:07 +07:00
PHP juggling type	Fix in juggling type + CSV injection	2016-10-20 10:50:12 +07:00
PHP serialization	PHP object injection	2016-10-20 11:02:19 +07:00
Remote commands execution	Clean project - Renamed and added PHP juggling type	2016-10-20 10:22:24 +07:00
SQL injection	Enumeration added and improvement for CRLF/XSS/SQL	2016-11-02 20:26:00 +07:00
SSRF injection	Clean project - Renamed and added PHP juggling type	2016-10-20 10:22:24 +07:00
Tar commands execution	Clean project - Renamed and added PHP juggling type	2016-10-20 10:22:24 +07:00
Traversal directory	Traversal Dir files + Updates XSS	2016-10-21 06:12:00 +07:00
Upload insecure files	Clean project - Renamed and added PHP juggling type	2016-10-20 10:22:24 +07:00
XSS injection	Enumeration added and improvement for CRLF/XSS/SQL	2016-11-02 20:26:00 +07:00
XXE files	NOSQL injection added + updates XSS/XXE	2016-10-30 18:53:32 +07:00
Enumeration_and_fingerprinting.md	Enumeration added and improvement for CRLF/XSS/SQL	2016-11-02 20:26:00 +07:00
README.md	Enumeration added and improvement for CRLF/XSS/SQL	2016-11-02 20:26:00 +07:00

README.md

Payloads All The Things

A list of usefull payloads and bypasses for Web Application Security Feel free to improve with your payloads and techniques ! I <3 pull requests :)

Last modifications :

XSS paylods improved
CRLF payloads improved
SQLi payloads improved
Enumeration added (WIP)

TODO : Basic methodology for hunting bugs and vulnerabilities

More resources

Book's list:

Web Hacking 101 - https://leanpub.com/web-hacking-101
The Web Application Hacker's Handbook - https://www.amazon.fr/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470