A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Go to file
2016-12-04 19:18:49 +07:00
AWS Amazon Bucket S3 AWS added, XSS and methodology update 2016-11-11 16:03:35 +07:00
CRLF injection Enumeration added and improvement for CRLF/XSS/SQL 2016-11-02 20:26:00 +07:00
CSV injection Fix in juggling type + CSV injection 2016-10-20 10:50:12 +07:00
CVE Shellshock Heartbleed CVE Heartbleed and Shellshcok added 2016-10-20 09:54:29 +07:00
NoSQL injection NOSQL injection added + updates XSS/XXE 2016-10-30 18:53:32 +07:00
OAuth XSS,SQL OAuth Updated 2016-12-04 01:03:59 +07:00
Open redirect Clean project - Renamed and added PHP juggling type 2016-10-20 10:22:24 +07:00
PHP include Methodology added, XSS payloads updated,little fix 2016-11-06 12:42:50 +07:00
PHP juggling type Fix in juggling type + CSV injection 2016-10-20 10:50:12 +07:00
PHP serialization PHP object injection 2016-10-20 11:02:19 +07:00
Remote commands execution Updated XSS,SQL,RCE 2016-11-17 10:50:34 +07:00
SQL injection SQL injection - Tamper script 2016-12-04 19:18:49 +07:00
SSRF injection Clean project - Renamed and added PHP juggling type 2016-10-20 10:22:24 +07:00
Tar commands execution Clean project - Renamed and added PHP juggling type 2016-10-20 10:22:24 +07:00
Traversal directory Traversal Dir files + Updates XSS 2016-10-21 06:12:00 +07:00
Upload insecure files Clean project - Renamed and added PHP juggling type 2016-10-20 10:22:24 +07:00
XSS injection XSS,SQL OAuth Updated 2016-12-04 01:03:59 +07:00
XXE injections XXE renamed, little updates in SQL/Include + enum 2016-11-03 23:56:15 +07:00
.gitignore Methodology added, XSS payloads updated,little fix 2016-11-06 12:42:50 +07:00
Methodology_and_enumeration.md AWS added, XSS and methodology update 2016-11-11 16:03:35 +07:00
README.md XSS,SQL OAuth Updated 2016-12-04 01:03:59 +07:00

Payloads All The Things

A list of usefull payloads and bypasses for Web Application Security Feel free to improve with your payloads and techniques ! I <3 pull requests :)

Last modifications :

  • XSS paylods improved
  • OAuth vulnerabilities added
  • AWS Bucket added
  • SQL payloads updated

Tools

More resources

Book's list:

Blogs/Websites