A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
nizam0906 f81f9440b8
Added More Ways to Detect columns number
using order by or group by
using order by or group by error based
using UNION SELECT Error Based
2019-10-29 16:32:22 +05:30
_template_vuln SAML exploitation + ASREP roasting + Kerbrute 2019-03-24 13:16:23 +01:00
.github Update FUNDING.yml with buymeacoffee 2019-09-13 17:49:47 +02:00
API Key Leaks API Key Leaks - Twitter/Twilio/Gitlab 2019-09-22 17:06:44 +02:00
AWS Amazon Bucket S3 CORS Misconfiguration 2019-08-18 12:08:51 +02:00
Command Injection Remove http:// prefix for DNS queries 2019-05-07 18:14:49 +02:00
CORS Misconfiguration CORS Misconfiguration 2019-08-18 12:08:51 +02:00
CRLF Injection Fix name's capitalization 2019-03-07 00:07:55 +01:00
CSRF Injection HQL Injection + references update 2019-06-16 23:45:52 +02:00
CSV Injection HQL Injection + references update 2019-06-16 23:45:52 +02:00
CVE Exploits RCE vBulletin + findomain 2019-09-26 20:41:01 +02:00
Directory Traversal Pspy + Silver Ticket + MSSQL connect 2019-08-18 22:24:48 +02:00
File Inclusion Add filter iconv utf16 LFI bypass tricks 2019-10-17 17:40:59 +02:00
GraphQL Injection PrivEsc - sudoers + Upload PHP 2019-09-02 12:36:40 +02:00
Insecure Deserialization Add .NET references 2019-10-02 20:23:37 -04:00
Insecure Direct Object References Command injection rewritten 2019-04-21 19:50:50 +02:00
Insecure Management Interface Fix name's capitalization 2019-03-07 00:07:55 +01:00
Insecure Source Code Management ImageMagik Ghost Script + Typo git summary 2019-06-26 00:07:06 +02:00
JSON Web Token SharpPersist - Windows Persistence 2019-09-13 17:38:23 +02:00
Kubernetes Update readme.md 2019-10-16 14:45:42 +02:00
LaTeX Injection Fix name's capitalization 2019-03-07 00:07:55 +01:00
LDAP Injection Fix name's capitalization 2019-03-07 00:07:55 +01:00
Methodology and Resources Drop the MIC 2019-10-21 23:00:27 +02:00
NoSQL Injection little changes 2019-10-09 16:53:34 +02:00
OAuth Masscan + AD password in description + ZSH revshell bugfix + Mimikatz lsass.dmp 2019-05-12 21:34:09 +02:00
Open Redirect Add Host/Split Unicode Normalization 2019-08-30 08:57:22 +01:00
SAML Injection GraphQL + LXD/etc/passwd PrivEsc + Win firewall 2019-06-09 13:46:40 +02:00
Server Side Request Forgery fix TOC links 2019-10-22 20:26:04 +02:00
Server Side Template Injection krb5.keytab + credential use summary 2019-10-20 13:25:06 +02:00
SQL Injection Added More Ways to Detect columns number 2019-10-29 16:32:22 +05:30
Type Juggling Type Juggling - Another SHA 256 2019-07-14 14:23:20 +02:00
Upload Insecure Files PrivEsc - sudoers + Upload PHP 2019-09-02 12:36:40 +02:00
Web Cache Deception Fix dead youtube link 2019-10-02 20:09:41 -04:00
Web Sockets CORS Misconfiguration 2019-08-18 12:08:51 +02:00
XPATH Injection Out of band XPATH 2019-10-22 23:06:35 +02:00
XSS Injection Updated Blind XSS endpoint 2019-10-28 16:51:36 +05:30
XXE Injection Add local DTD section to the XXE Injection page 2019-10-01 18:22:42 -04:00
.gitignore Shell IPv6 + Sandbox credential 2019-01-07 18:15:45 +01:00
BOOKS.md README rewrite : BOOKS and YOUTUBE 2019-05-12 22:43:42 +02:00
LICENSE Create License 2019-05-25 16:27:35 +02:00
README.md XSS PostMessage 2019-08-03 23:22:14 +02:00
YOUTUBE.md Fix YOUTUBE and BOOKS links 2019-05-12 22:59:22 +02:00

Payloads All The Things

A list of useful payloads and bypasses for Web Application Security. Feel free to improve it with your payloads and techniques! I ❤️ pull requests :)

You can also contribute with a 🍻 IRL

You can use the _template_vuln folder to create a new chapter. Every section contains the following files:

  • README.md - vulnerability description and how to exploit it
  • Intruder - a set of files to give to Burp Intruder
  • Images - pictures for the README.md
  • Files - some files referenced in the README.md

You might also like the Methodology and Resources folder:

Want more? Check the Books and YouTube video selections.