Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-12 14:22:47 +00:00
Code Issues Projects Releases Packages Wiki Activity
2000 commits 2 branches 6 tags 66 MiB
Commit graph

86 commits

Author SHA1 Message Date
Swissky
4f0e6334bd References updated for XSS + page splitted in subcategories 2024-11-08 18:23:43 +01:00
Swissky
37641d2b9e References updated for XPATH, XSLT, XXE, Web Socket 2024-11-07 23:50:30 +01:00
Swissky
6e77f624f2
Merge pull request #728 from isacaya/add_xss_bypass 
Add a few XSS filter bypass cases
 2024-11-02 15:16:46 +01:00
Swissky
9866fef5b4 Bypass CSP, technique from #715 2024-11-02 12:26:45 +01:00
Swissky
eb4795047b
Merge pull request #746 from TRKBKR/master 
Added oncontentvisibilityautostatechange to XSS in hidden input
 2024-11-02 11:44:08 +01:00
Swissky
acb509d436 SVG XSS fix typo from #729 + files 2024-11-02 11:27:26 +01:00
Swissky
53ba2932ab
Merge pull request #729 from noraj/patch-1 
XSS in SVG: more examples + nesting
 2024-11-02 11:21:27 +01:00
ⵟⴰⵕⵉⴽ ⴱⴰⴽⵉⵕ
faeee7270a
Update README.md 
addedd contentvisibilityautostatechange_event for hidden input
 2024-10-13 23:23:07 +01:00
Swissky
3eae8d7458 Fix typo and structure 2024-09-11 17:07:51 +02:00
Swissky
1dae291696 IIS MachineKeys + CI/CD + CSPT + ORM leak 2024-08-26 11:27:47 +02:00
Alexandre ZANNI
8e05a2dd2a
XSS in SVG: more examples + nesting 2024-06-19 14:54:19 +02:00
isacaya
ca3ab6eb95 Add a few XSS filter bypass cases 2024-06-19 04:21:24 +09:00
Swissky
c34a2bac15 WAF bypass moved to a separate page 2024-06-03 09:55:29 +02:00
Swissky
2e73069238 XSS Tel URI 2024-06-03 09:37:24 +02:00
dave
fcf69f8226 Add additional XSS payload in email addresses RFC5322 2024-05-31 13:27:32 +02:00
Swissky
67adf75bc2 CSP updates + Indirect Prompt Injection 2024-05-29 15:32:58 +02:00
Thomas Emerson Glucklich
49bc19e992
Update README.md 2023-11-01 11:32:31 -04:00
Swissky
b8c803717a WDAC Policy Removal + SSRF domains 2023-05-31 14:18:25 +02:00
Swissky
14cc88371d WSL + RDP Passwords + MSPaint Escape 2023-02-11 17:49:55 +01:00
Swissky
514ac98dac SSRF + XSS details + XXE BOM 2022-12-13 22:29:20 +01:00
Swissky
3e9ef2efbe ADFS Golden SAML 2022-11-07 10:10:21 +01:00
Swissky
2227472e1c .NET formatters and POP gadgets 2022-11-03 21:31:50 +01:00
Fabian S. Varon Valencia
8136e462c2 remove old link, I can't find a replacement url 2022-10-26 20:36:52 -05:00
Fabian S. Varon Valencia
3822c27634 update old url's 2022-10-26 20:36:15 -05:00
Cory Cline
a8d8434756
Shortened payload 
Make payload shorter.
 2022-10-13 19:48:20 -05:00
Cory Cline
fbed4254e5
Fixed an oops 
Somehow I deleted line 120 in a prior commit. Fixed.
 2022-10-13 18:52:07 -05:00
Cory Cline
9ee8f092cd
Changed link for document.cookie blacklist 
Link was not working due to use of period in title.
 2022-10-13 18:46:52 -05:00
Cory Cline
9a42be1113
Replaced console.log with alert 
It's more common to want alert screenshots vs console screenshots.
 2022-10-13 18:45:55 -05:00
Cory Cline
f23f28c4e2
Shortened payload 
Shortened the document.cookie blacklist bypass payload.
 2022-10-13 18:43:54 -05:00
Cory Cline
5d561ea7d6
Added document.cookie blacklist bypass 
Added an alternative to document.cookie for situations when this text is blacklisted.
 2022-10-13 18:23:36 -05:00
Deep Dhakate
a670a26eea Update 2022-10-02 06:13:01 +00:00
clem9669
88134256c8
Adding brutelogic polyglot 
Adding brutelogic polyglot from blog post.
 2022-09-13 11:58:10 +00:00
its0x08
31b213227e fix: Fix more spelling 2022-08-09 11:05:40 +02:00
idealphase
6738f878f3
Updated README.md 
Added References: Bypassing Signature-Based XSS Filters: Modifying Script Code
 2022-04-19 10:45:32 +07:00
idealphase
de532030df
Merge branch 'swisskyrepo:master' into master 2022-04-19 10:43:04 +07:00
Ooggle
39d1c6e7d8
Add document blacklist bypass 2022-04-09 12:55:21 +02:00
idealphase
e9eac5ca59
Update README.md 2021-11-10 22:40:40 +07:00
idealphase
6c7df7dc4e
Update README.md 
Add Bypass dot filter
 2021-11-10 22:38:02 +07:00
Markus
7996b4f905
Update XSS README.md 
Remove unnecessary complexity from CSP bypass payload
 2021-10-01 16:10:23 +02:00
Lorenzo Grazian
7369ee28b3
Added XSS <object> payload 2021-09-02 15:14:29 +02:00
Swissky
1e85308ae2
Merge pull request #395 from daffainfo/patch-1 
Adding Cloudflare XSS payload
 2021-08-25 22:21:54 +02:00
Swissky
f89597725a
Merge pull request #416 from Bort-Millipede/master 
Expression Language Injection One-Liners; XSS Payload; Fixed Linux Py…
 2021-08-25 22:17:53 +02:00
Alexandre ZANNI
4791962be5
document.domain, window.origin and console.log usage 2021-08-24 20:29:02 +02:00
Jeffrey Cap
9bde75b32d Expression Language Injection One-Liners; XSS Payload; Fixed Linux Python IPv6 Reverse Shell Payload 2021-08-23 14:41:40 -05:00
Swissky
87be30d3b2 DB2 Injection + ADCS 2021-08-10 23:00:19 +02:00
Xib3rR4dAr
ae98d629f0
Update README.md 
Removed duplicates.
 2021-08-04 09:29:24 +05:00
Swissky
1fd9260d1e
Update README.md 2021-07-31 11:28:23 +02:00
c14dd49h
ee12f8e480
Update README.md 2021-07-22 16:55:03 +02:00
c14dd49h
eddc716d8c
Update README.md 2021-07-22 14:47:36 +02:00
Muhammad Daffa
2b6c3cb360
Adding Cloudflare XSS payload 2021-07-15 12:48:02 +07:00