daffainfo
/
PayloadsAllTheThings
mirror of https://github.com/daffainfo/PayloadsAllTheThings.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
259 Commits
2 Branches
3 Tags
11 MiB
Commit Graph

259 Commits (8b39647de6886a79fbb44aa091700d9c0359ffb1)

Author SHA1 Message Date
Swissky 7b919e4492 AWS cp files and grant access with ACL 2018-10-20 17:03:13 +02:00
Swissky f1eefd2722 Script Docker RCE 2018-10-18 17:32:01 +02:00
Swissky f8019e2234
Merge pull request #27 from timwis/patch-1 
Remove gender-specific pronoun for attacker
 2018-10-11 09:09:42 +02:00
Tim Wisniewski 4f6841ed17
Remove gender-specific pronoun for attacker 
Wouldn't want anyone to think they can't grow up to be an attacker too! :)
 2018-10-10 23:54:18 -04:00
Swissky ea1c3a7ccb
Merge pull request #26 from Techbrunch/patch-1 
Add Rancher Metadata Service
 2018-10-08 23:02:35 +02:00
Techbrunch 78103d13a1
Add Rancher Metadata Service 2018-10-08 21:46:57 +02:00
Swissky 35d4139373 WebCache param miner file + Reverse shell Python TTY 2018-10-08 13:49:50 +02:00
Swissky 869b29195b SQLmap --crawl, --form 2018-10-04 19:59:11 +02:00
Swissky f0a8b6f8b8 Koadic cheatsheet renamed to "Windows - Post Exploitation" 2018-10-04 17:39:55 +02:00
Swissky 9ebf2057c5 Koadic Cheatsheet + Linux persistence in startup .desktop file 2018-10-04 17:35:57 +02:00
Swissky 747f1d172c Reverse shell python for Windows + Lua + Awk 2018-10-02 17:17:03 +02:00
Swissky 824d8c370b Bugfix README + Can I take over xyz 2018-10-02 16:57:01 +02:00
Swissky 1c5f8889bd Network Discovery and Subdomains enumerations 2018-10-02 16:17:16 +02:00
Swissky b315252c89 LFI - Intruder files (Windows,Linux,Logs...) 2018-10-01 17:11:51 +02:00
Swissky a3975ab261 SQLmap TOR + Cookie + Proxy 2018-10-01 16:03:07 +02:00
Swissky 7b49f1b13a PHP Serialization - phpggc 2018-10-01 12:30:14 +02:00
Swissky 6ca5ff1703
PHP Serialization Auth Bypass - Merge pull request #25 from noraj/patch-2 
add auth bypass
 2018-09-26 18:04:08 +02:00
Alexandre ZANNI 3cf806c8ff
2nd unserialize payload 2018-09-26 00:13:19 +02:00
Alexandre ZANNI d49e40b1b2
add auth bypass 2018-09-25 23:59:29 +02:00
Swissky 1a1a48c725 Web Cache Deception details from SI9INT's blogpost 2018-09-23 20:07:19 +02:00
Swissky 8bef006d7f
MSSQL Comments - Merge pull request #24 from Margular/patch-1 
add comments
 2018-09-22 23:12:23 +02:00
时雨 20c1e5c075
add comments 2018-09-23 02:30:03 +08:00
Swissky cce0444245 SQL injection - Intruders payloads 2018-09-21 18:44:32 +02:00
Swissky 699d66d701
Merge pull request #23 from noraj/patch-1 
routed injection in ToC
 2018-09-21 18:42:32 +02:00
Alexandre ZANNI a1eb693270
routed injection in ToC 2018-09-20 23:52:07 +02:00
Swissky 7a80647e63 Raw MD5 SQL injection + SSH Konami Code 2018-09-10 23:12:29 +02:00
Swissky 2a080f82e6 Cassandra SQL + XSS MD + PHP Type Juggling 2018-09-10 20:40:43 +02:00
Swissky 90f4c3634e PDF JS 2018-09-06 20:28:30 +02:00
Swissky beb0ce8c54 Linux Persistence + WebLogic RCE 2018-09-03 18:41:05 +02:00
Swissky 011baa7321
Merge pull request #22 from cclauss/patch-1 
Use octal numbers that work in both Python 2 and 3
 2018-09-02 15:57:48 +02:00
cclauss d642980f8c
Use octal numbers that work in both Python 2 and 3 
python2 -c "print(0777 << 16L == 0o777 << 16)"  # True
 2018-09-02 14:09:55 +02:00
Swissky d847e2e6bb
Merge pull request #21 from cclauss/patch-1 
import string in uploadlfi.py
 2018-09-02 13:54:45 +02:00
cclauss 150110a96c
import string in uploadlfi.py 
__string__ is used twice on line 13 but it is never imported.
 2018-09-02 13:24:35 +02:00
Swissky 64e577b650 CSP bypass fix link 2018-09-01 15:38:57 +02:00
Swissky fe52b32af8 XSS CSP Bypass + PostgreSQL read/write 2018-09-01 15:36:33 +02:00
Swissky c38adaded3 CVE Apache Struts + XSS in Python Notebook 2018-08-28 18:48:26 +02:00
Swissky 2a54753d11
Merge pull request #20 from developersatyendra/master 
latest Apache struts CVE 2018 exploit added
 2018-08-28 18:37:17 +02:00
developersatyendra e2bd481882
Rename ApacheStrutsV3.py to ApacheStrutsV3-2018.py 2018-08-28 03:15:10 -04:00
developersatyendra 72e73e38c2
Created ApacheStrutsV3.py 
added latest apache struts exploit which is written by @s1kr10s
 2018-08-28 03:14:40 -04:00
Swissky f612a91bb5 LFI via Upload (race condition) + Network Pivot nmap 2018-08-26 15:43:26 +02:00
Swissky b2faf8c747 SSRF bugfix picture 2018-08-23 19:16:38 +02:00
Swissky 2b7acbc493 SSRF - Bad Parsers 2018-08-23 19:15:15 +02:00
Swissky 0c707c4188 ImageTragick v2 + Angular 1.6+ XSS 2018-08-22 21:42:25 +02:00
Swissky fe7314444c Phar Wrapper - "unserialize" 2018-08-19 18:47:32 +02:00
Swissky cfbe1a4469 SSRF Docker & Kubernetes 2018-08-19 16:32:26 +02:00
Swissky e11339e669 Markdown formatting - Part 3 2018-08-13 13:07:37 +02:00
Swissky b87e14a0ed Markdown formatting - Part 2 2018-08-13 12:01:13 +02:00
Swissky 65654f81a4 Markdown formatting update 2018-08-12 23:30:22 +02:00
Swissky 177c12cb79 Multiple update in READMEs + RCE tricks 2018-08-12 00:17:58 +02:00
Swissky b20cdde4d9 Adding soffensive's windowsblindread file 2018-08-03 17:56:29 +02:00