weyne/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/weyne85/PayloadsAllTheThings.git synced 2025-10-29 16:57:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
665 Commits 4 Branches 4 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Syed Umar Arfeen c9fcb58d57
Using JWT's module to encode payload with type None 
Before the JWT was being encoded/decoded and that was done manually. The JWT's module does all that without manual decoding and splitting. 

This PR contains the code to encode the JWT token with type None while using JWT's library in python.
2020-04-04 16:03:56 +05:00
_template_vuln
SAML exploitation + ASREP roasting + Kerbrute
2019-03-24 13:16:23 +01:00
.github
Update FUNDING.yml with buymeacoffee
2019-09-13 17:49:47 +02:00
API Key Leaks
Maps API + secretsdump enabled user/pw last set + certutil mimikatz
2020-02-06 21:41:29 +01:00
AWS Amazon Bucket S3
AWS Patterns
2020-02-23 20:58:53 +01:00
Command Injection
Update README.md
2020-03-15 01:11:47 +08:00
CORS Misconfiguration
CORS Misconfiguration
2019-08-18 12:08:51 +02:00
CRLF Injection
Added Summary in CRLF
2019-12-17 22:12:35 +05:30
CSRF Injection
Updated Summary and Fixed Broken Links in CSRF
2019-12-17 22:21:53 +05:30
CSV Injection
HQL Injection + references update
2019-06-16 23:45:52 +02:00
CVE Exploits
fixing typo in file name
2020-01-28 17:41:01 +00:00
Directory Traversal
AD mitigations
2019-12-26 12:09:23 +01:00
File Inclusion
added additional way to chain php filters
2020-02-20 06:40:30 -05:00
GraphQL Injection
CloudTrail disable, GraphQL tool
2020-03-28 12:01:56 +01:00
Insecure Deserialization
Update Java.md
2019-10-30 11:36:09 +08:00
Insecure Direct Object References
Command injection rewritten
2019-04-21 19:50:50 +02:00
Insecure Management Interface
Fix name's capitalization
2019-03-07 00:07:55 +01:00
Insecure Source Code Management
ImageMagik Ghost Script + Typo git summary
2019-06-26 00:07:06 +02:00
JSON Web Token
Using JWT's module to encode payload with type None
2020-04-04 16:03:56 +05:00
Kubernetes
Docker escape and exploit
2020-03-29 16:48:09 +02:00
LaTeX Injection
Fix name's capitalization
2019-03-07 00:07:55 +01:00
LDAP Injection
add ruby script
2020-02-21 23:49:50 +01:00
Methodology and Resources
Delete unnecessary escape characters
2020-03-29 23:40:39 +08:00
NoSQL Injection
Added an alternate possible Found condition to POST
2019-10-29 21:11:56 +02:00
OAuth
Masscan + AD password in description + ZSH revshell bugfix + Mimikatz lsass.dmp
2019-05-12 21:34:09 +02:00
Open Redirect
Added new payloads
2019-11-14 18:26:35 +08:00
Race Condition
Race Condition - First Draft
2020-01-26 12:43:59 +01:00
SAML Injection
GraphQL + LXD/etc/passwd PrivEsc + Win firewall
2019-06-09 13:46:40 +02:00
Server Side Request Forgery
Update AWS SSRF tips
2020-03-11 15:20:51 +01:00
Server Side Template Injection
Added IFS (WAF bypass) to Symfony Twig RCE
2020-03-29 23:23:26 +02:00
SQL Injection
Update SQLite Injection.md
2020-04-03 23:15:05 +00:00
Type Juggling
Type Juggling - Another SHA 256
2019-07-14 14:23:20 +02:00
Upload Insecure Files
IIS asp shell with .asa, .cer, .xamlx
2019-11-16 14:53:42 +01:00
Web Cache Deception
Fix dead youtube link
2019-10-02 20:09:41 -04:00
Web Sockets
WMI + Cobalt Strike
2020-02-13 22:53:45 +01:00
XPATH Injection
XPATH: add tools
2019-10-26 16:43:36 +02:00
XSLT Injection
AD mitigations
2019-12-26 12:09:23 +01:00
XSS Injection
Create 0xcela_event_handlers.txt
2020-01-15 17:00:26 +01:00
XXE Injection
Merge pull request #128 from noraj/patch-1
2019-12-02 22:38:08 +01:00
.gitignore
Shell IPv6 + Sandbox credential
2019-01-07 18:15:45 +01:00
BOOKS.md
README rewrite : BOOKS and YOUTUBE
2019-05-12 22:43:42 +02:00
LICENSE
Create License
2019-05-25 16:27:35 +02:00
README.md
README - Summary update
2020-03-19 12:03:32 +01:00
YOUTUBE.md
Fix YOUTUBE and BOOKS links
2019-05-12 22:59:22 +02:00

README.md

Payloads All The Things

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques ! I ❤️ pull requests :)

You can also contribute with a 🍻 IRL

Every section contains the following files, you can use the _template_vuln folder to create a new chapter:

  • README.md - vulnerability description and how to exploit it
  • Intruder - a set of files to give to Burp Intruder
  • Images - pictures for the README.md
  • Files - some files referenced in the README.md

You might also like the Methodology and Resources folder :

You want more ? Check the Books and Youtube videos selections.

Description
No description provided
Readme MIT 17 MiB
Languages
Python 86.2%
Ruby 6.4%
ASP.NET 3.8%
Classic ASP 1.4%
PHP 1.3%
Other 0.8%