daffainfo
/
PayloadsAllTheThings
mirror of https://github.com/daffainfo/PayloadsAllTheThings.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
889 Commits
2 Branches
3 Tags
11 MiB
Commit Graph

889 Commits (91fc542c8137065362b8dc23e3b72f6a76f7dcc5)

Author SHA1 Message Date
Swissky 78c882fb34 Jenkins Grrovy + MSSQL UNC + PostgreSQL list files 2019-02-17 20:02:16 +01:00
swisskyrepo eac421432a File upload - merging old files 2019-02-15 16:00:50 +01:00
swisskyrepo 88d5af0b19 JWT - Payload detail 2019-02-11 14:04:38 +01:00
Swissky bb0177916d
Merge pull request #40 from Bo0oM/patch-1 
Fix fake xss
 2019-02-11 10:05:31 +01:00
Anton Lopanitsyn 200a2d38d8
Fix fake xss 
Actually, is not XSS.

Running scripts like <a href="data:text/html,<script>alert(location.origin)</script>">clickme</a> have location.origin "null".
 2019-02-11 09:34:13 +03:00
Swissky f2273f5cce PrivExchange attack 2019-02-10 19:51:54 +01:00
Swissky 8c1c35789d SQLmap tamper update 2019-02-10 19:07:27 +01:00
Swissky 1c37517bf3 .git/index file parsing + fix CSRF payload typo 2019-02-07 23:33:47 +01:00
Swissky 8ff2aa8aff
Merge pull request #39 from n3v4/master 
Update exif_imagetype bypass
 2019-02-07 14:01:43 +01:00
Vladislav Nechakhin 90db8b0f11 Update exif_imagetype bypass 2019-02-07 14:59:22 +07:00
Vladislav Nechakhin 7877647db1 Update exif_imagetype bypass 2019-02-07 14:51:03 +07:00
Swissky 357f8a69a8
Merge pull request #38 from n3v4/master 
Add exif_imagetype bypass
 2019-02-02 11:36:22 +01:00
Vladislav Nechakhin b30ac4e5bb Add exif_imagetype bypass 2019-02-02 17:29:04 +07:00
Swissky ffde81e2c0
Merge pull request #37 from marcan2020/patch-1 
Update MSSQL Command execution
 2019-01-29 23:14:09 +01:00
marcan2020 7068cb6edc
Update MSSQL Command execution 2019-01-29 15:25:25 -05:00
Swissky 20bf52eb6a Bugfix 3 - removing the "-" in SSRF 2019-01-28 20:35:28 +01:00
Swissky 1f502ce20d Bugfix 2 - Fixing git mess 2019-01-28 20:32:43 +01:00
Swissky b9f2fe367c Bugfix - Errors in stashed changes 2019-01-28 20:27:45 +01:00
Swissky cd2d76d538
Merge pull request #36 from ThunderSon/patch-1 
fead: add powerless repo to the tools
 2019-01-28 08:16:38 +01:00
ThunderSon 99857a714f
fead: add powerless repo to the tools 2019-01-27 20:13:06 +02:00
Swissky e07a654080 Command injection renamed + sudo/doas privesc 2019-01-22 21:45:41 +01:00
Swissky 4db45a263a MSSQL union based + Windows Runas 2019-01-20 16:41:46 +01:00
Swissky 22c82cb277
Merge pull request #35 from noraj/patch-1 
XSS using base64 encoded href data in a link
 2019-01-17 19:54:37 +01:00
Swissky ab6535c6d9 Bugfix picture SSRF 2019-01-13 22:28:49 +01:00
Swissky 1547338f84 SSRF exploitation and minor rewritting 2019-01-13 22:27:11 +01:00
Swissky 3bcd3d1b3c SUID & Capabilities 2019-01-13 22:05:39 +01:00
Swissky 0070ac5dc4 Phar PHP shell files 2019-01-10 22:36:30 +01:00
Alexandre ZANNI c7a292c19d
XSS using base64 encoded href data in a link 2019-01-10 18:24:43 +01:00
Swissky ea0bddc18a Windows RCE wildcard + XSS UI redressing 2019-01-08 20:49:05 +01:00
Swissky 2e3aef1a19 Shell IPv6 + Sandbox credential 2019-01-07 18:15:45 +01:00
Swissky 8b39647de6 AWS S3 and Open redirect rewritten 2018-12-29 13:05:29 +01:00
Swissky 67c644a300 Directory traversal / File inclusion rewritten 2018-12-28 00:27:15 +01:00
Swissky e480c9358d SQL wildcard '_' + CSV injection reverse shell 2018-12-26 01:02:17 +01:00
Swissky bd97c0be86 README update + Typo fix in Active Directory 2018-12-25 20:41:43 +01:00
Swissky d57d59eca7 NTLMv2 hash capturing, cracking, replaying 2018-12-25 20:35:39 +01:00
Swissky d5478d1fd6 AWS Pacu and sections + Kerberoasting details 2018-12-25 19:38:37 +01:00
Swissky 82d4ff6c1d References added based on @ngalongc bug-bounty-references 2018-12-25 16:10:15 +01:00
Swissky b9efdb52d3 Linux - PrivEsc - First draft 2018-12-25 15:51:11 +01:00
Swissky 38c3bfbd9f Windows Priv Esc - Unquoted Path, Password looting and Powershell version 2018-12-25 15:19:45 +01:00
Swissky cdc3b5e080 XXE references + summary 2018-12-25 12:08:32 +01:00
Swissky c25af52316 Blind XSS Angular JS 2018-12-24 15:09:43 +01:00
Swissky a6475a19d9 Adding references sectio 2018-12-24 15:02:50 +01:00
Swissky 9c529535a5 CSRF - Fix image 2018-12-24 14:17:49 +01:00
Swissky 9c878f9b09 CSRF - First draft 2018-12-24 14:14:51 +01:00
Swissky b4aff1a826 Architecture - Files/Intruder/Images and README + template 2018-12-23 00:45:45 +01:00
Swissky e096d10a30
Merge pull request #34 from Fisjkars/master 
Add Springboot actuator intruder
 2018-12-18 14:03:22 +01:00
Maxime Escourbiac b59e24312e
Update Springboot readme 2018-12-18 11:18:50 +01:00
Fisjkars 5b7a3a95d3 Add Springboot Actuator management interface 
new file:   Insecure management interface/README.md
	new file:   Insecure management interface/intruders/springboot_actuator.txt
 2018-12-18 11:05:15 +01:00
Swissky 69c1d601fa Kerberoasting + SQLmap write SSH key 2018-12-15 00:51:33 +01:00
Swissky 8403068681
Merge pull request #32 from Meatballs1/Meatballs1-patch-1 
Busybox httpd.conf file upload payload
 2018-12-14 10:25:04 +03:00