weyne/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/weyne85/PayloadsAllTheThings.git synced 2025-10-29 16:57:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,300 Commits 4 Branches 4 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Brian Stadnicki 03427da534 SQLite Injection add extract database structure
2021-12-07 06:51:27 +00:00
_template_vuln
SAML exploitation + ASREP roasting + Kerbrute
2019-03-24 13:16:23 +01:00
.github
DSRM Admin
2021-01-08 23:41:50 +01:00
Account Takeover
Office Attacks
2021-02-21 20:17:57 +01:00
API Key Leaks
UnPAC The Hash + MachineKeys.txt
2021-10-26 21:56:39 +02:00
AWS Amazon Bucket S3
Fix AWS duplicated tool enumerate-iam
2020-12-18 22:52:21 +11:00
Command Injection
Fixed arrow characters in shell prompts for clarity
2021-09-29 07:39:07 +02:00
CORS Misconfiguration
Fix typos
2020-12-13 04:34:10 +11:00
CRLF Injection
CORS and CRLF README.md updated
2020-10-25 11:07:50 +01:00
CSRF Injection
Added referer header validation check in CSRF
2021-06-23 10:05:14 +09:00
CSV Injection
Update README.md
2021-03-16 19:17:01 -06:00
CVE Exploits
Fix typos
2020-12-13 04:34:10 +11:00
Dependency Confusion
Update README.md
2021-08-09 04:29:45 +06:00
Directory Traversal
Update directory traversal wordlist
2021-10-11 10:11:10 +02:00
DNS Rebinding
Add DNS rebinding
2021-10-27 16:19:56 -04:00
File Inclusion
Backwards compatibility for Python 2
2021-08-11 20:40:39 +01:00
GraphQL Injection
Dependency Confusion + LDAP
2021-07-04 13:32:32 +02:00
HTTP Parameter Pollution
Fixed typo
2021-10-30 11:44:33 +08:00
Insecure Deserialization
Dependency Confusion + LDAP
2021-07-04 13:32:32 +02:00
Insecure Direct Object References
Command injection rewritten
2019-04-21 19:50:50 +02:00
Insecure Management Interface
Add Springboot Actuator RCE
2020-10-28 12:05:12 -04:00
Insecure Source Code Management
Fix ToC
2021-02-04 00:47:00 +11:00
JSON Web Token
DB2 Injection + ADCS
2021-08-10 23:00:19 +02:00
Kubernetes
Add kubescape to kubernetes tools
2021-11-01 23:08:04 +02:00
LaTeX Injection
Update README.md
2021-09-29 07:28:11 +02:00
LDAP Injection
Dependency Confusion + LDAP
2021-07-04 13:32:32 +02:00
Methodology and Resources
Add alternatives for AD ACL abuse from Linux
2021-11-15 17:36:05 +01:00
NoSQL Injection
NoSQLi: add POST with urlencoded body
2021-11-07 17:49:50 +01:00
OAuth
Masscan + AD password in description + ZSH revshell bugfix + Mimikatz lsass.dmp
2019-05-12 21:34:09 +02:00
Open Redirect
Update README.md
2021-10-01 13:42:12 +05:30
Race Condition
Race Condition - First Draft
2020-01-26 12:43:59 +01:00
Request Smuggling
Add PortSwigger http-desync reborn article
2021-01-17 04:23:38 +11:00
SAML Injection
XSW 4 Fix #205
2020-05-12 14:27:25 +02:00
Server Side Request Forgery
Update README.md
2021-11-09 13:57:09 +01:00
Server Side Template Injection
Update README.md
2021-10-26 20:35:04 +03:00
SQL Injection
SQLite Injection add extract database structure
2021-12-07 06:51:27 +00:00
Tabnabbing
Fix typos
2020-12-13 04:34:10 +11:00
Type Juggling
AMSI + Trust
2020-12-08 14:31:01 +01:00
Upload Insecure Files
File Upload Update
2021-07-14 17:10:04 +02:00
Web Cache Deception
Fix(Docs): Correcting typos on the repo
2020-10-17 22:52:35 +02:00
Web Sockets
Added: Cross-Site WebSocket Hijacking (CSWSH)
2020-04-11 16:24:32 +02:00
XPATH Injection
Bind shell cheatsheet (Fix #194)
2020-05-24 14:09:46 +02:00
XSLT Injection
AD mitigations
2019-12-26 12:09:23 +01:00
XSS Injection
Remove filename with special characters.
2021-10-29 12:56:55 -04:00
XXE Injection
Update XXE Injection
2021-10-18 10:13:30 +02:00
.gitignore
Shell IPv6 + Sandbox credential
2019-01-07 18:15:45 +01:00
BOOKS.md
add links books
2021-10-12 20:33:31 +02:00
CONTRIBUTING.md
Upload Methodology
2020-09-27 11:16:50 +02:00
LICENSE
Create License
2019-05-25 16:27:35 +02:00
README.md
Update README.md
2020-08-22 23:45:49 +02:00
TWITTER.md
Added gentilkiwi twitter
2021-07-27 04:17:36 +00:00
YOUTUBE.md
Update YOUTUBE.md
2020-10-08 10:01:45 +02:00

README.md

Payloads All The Things Tweet

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques ! I ❤️ pull requests :)

You can also contribute with a 🍻 IRL, or using the sponsor button.

Every section contains the following files, you can use the _template_vuln folder to create a new chapter:

  • README.md - vulnerability description and how to exploit it, including several payloads
  • Intruder - a set of files to give to Burp Intruder
  • Images - pictures for the README.md
  • Files - some files referenced in the README.md

You might also like the Methodology and Resources folder :

You want more ? Check the Books and Youtube videos selections.

Description
No description provided
Readme MIT 17 MiB
Languages
Python 86.2%
Ruby 6.4%
ASP.NET 3.8%
Classic ASP 1.4%
PHP 1.3%
Other 0.8%