Swissky
|
70f38d5678
|
Payloads - Quick fix
|
2018-02-23 13:48:51 +01:00 |
|
Swissky
|
b87c3fd7ff
|
Traversal Dir + NoSQL major updates + small addons
|
2018-02-15 23:27:42 +01:00 |
|
Swissky
|
40fa20ec63
|
Merge pull request #13 from soffensive/master
Added payloads to detect more reliably blind NoSQL injection
|
2018-01-26 20:14:51 +01:00 |
|
soffensive
|
4892dc6577
|
Further payload added
|
2018-01-26 13:31:52 +01:00 |
|
soffensive
|
be12684bc0
|
Added payload to detect more reliably blind NoSQL injection
|
2018-01-26 13:28:57 +01:00 |
|
Swissky
|
3793d91fd4
|
Mimikatz + Credential Windows + XXE update
|
2017-12-06 20:40:29 +01:00 |
|
Swissky
|
2c048f7b52
|
SSRF Ip script + DDL & Execute Windows
|
2017-11-24 09:57:48 +01:00 |
|
Swissky
|
fea88a5738
|
SVG XSS + SSRF enclosed alphanumerics
|
2017-11-19 14:01:36 +01:00 |
|
Swissky
|
f740d8e825
|
MySQL - Code exec
|
2017-11-09 09:05:50 +01:00 |
|
Swissky
|
edd5f3601f
|
File inclusion - more intruders
|
2017-10-21 16:48:17 +02:00 |
|
Swissky
|
6b1c98010d
|
Merge pull request #10 from melvinsh/master
Add CSRF to OAuth2
|
2017-10-16 09:55:31 +02:00 |
|
Melvin Lammerts
|
59971e95d2
|
Add CSRF to OAuth2
Not sure if it qualifies as a _payload_ but I'll let you be the judge of that :)
|
2017-10-16 08:41:43 +02:00 |
|
Swissky
|
d16aec6f6a
|
Tomcat CVE-2017-12617
|
2017-10-10 10:19:14 +02:00 |
|
Swissky
|
a2d5fe5cad
|
Upload .htaccess to PHP code exec
|
2017-10-09 23:17:31 +02:00 |
|
Swissky
|
6ad7965efc
|
SSRF AWS + Shell.php{3,4,5,7}
|
2017-09-27 14:37:07 +02:00 |
|
Swissky
|
87ef554e40
|
LFI to RCE via input:// stream
|
2017-09-24 00:37:56 +02:00 |
|
Swissky
|
3e6043be32
|
LFI - PHPSessid technique, more bypass and files
|
2017-09-24 00:32:55 +02:00 |
|
Swissky
|
278a130940
|
Command Exec - ``, $() and more bypasses
|
2017-09-23 23:30:40 +02:00 |
|
Swissky
|
e7cb8a2ce1
|
SSRF - Gopher Protocol
|
2017-09-19 20:35:18 +02:00 |
|
Swissky
|
1ca215d5d7
|
Multiple update - LFI/RCE via phpinfo, Struts2 v2
|
2017-09-13 23:55:29 +02:00 |
|
Swissky
|
c36d31ec5d
|
LFI via /proc/*/fd + upload
|
2017-08-15 02:37:09 +02:00 |
|
Swissky
|
901d279fb3
|
RCE no {}, no space
|
2017-08-13 16:35:12 +02:00 |
|
Swissky
|
9adb81e6d8
|
SSRF URL Scheme + XXE Soap
|
2017-08-07 21:42:14 +02:00 |
|
Swissky
|
91e3c6906c
|
Merge pull request #7 from rakeshmane/master
Update README.md
|
2017-08-07 19:29:35 +02:00 |
|
Rakesh Mane
|
6e42b617cc
|
Update README.md
|
2017-08-07 21:22:36 +05:30 |
|
Swissky
|
dad26ce5e5
|
More Burp Intruder file - SQLi + Path traversal + XSS
|
2017-08-06 01:12:41 +02:00 |
|
Swissky
|
694b980817
|
Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings
|
2017-08-03 21:36:38 +02:00 |
|
Swissky
|
635b9f87f7
|
Reverse Shell Cheatsheet
|
2017-08-03 21:35:43 +02:00 |
|
Swissky
|
9c9e1cc082
|
Merge pull request #6 from unl1k3ly/patch-1
Update README.md
|
2017-08-01 11:43:11 +02:00 |
|
unl1k3ly
|
be624c99ca
|
Update README.md
check bucket disk size
|
2017-08-01 08:37:04 +10:00 |
|
Swissky
|
af48fc1ed4
|
More intruders folder - for BurpSuite
|
2017-07-30 13:42:32 +02:00 |
|
Swissky
|
8a3693855f
|
XSS Intruder + Eicar + SSRF http://0
|
2017-07-30 13:17:00 +02:00 |
|
Swissky
|
064467ecfc
|
SSTI + XSS Flash
|
2017-07-16 16:30:08 +02:00 |
|
Swissky
|
77e2fc8226
|
LDAP & XPATH injection + Small fixes and payloads
|
2017-07-14 23:40:31 +02:00 |
|
Swissky
|
9907a55c24
|
Image Magick - More payloads
|
2017-07-09 17:16:42 +02:00 |
|
Swissky
|
c4b49fa5ac
|
Open Redirect Payloads updated
|
2017-07-06 21:02:19 +02:00 |
|
Swissky
|
6070ece522
|
Symbolic Link Zip + SQL injection ORDER BY
|
2017-07-04 23:17:59 +02:00 |
|
Swissky
|
a1fbd41bbb
|
Wrapper PHP inclusion updated
|
2017-07-02 23:10:34 +02:00 |
|
Swissky
|
ab63a537e7
|
FFMpeg injection - Bypass and explanation
|
2017-06-28 22:45:36 +02:00 |
|
Swissky
|
240e46e1e1
|
XXE via DTD and PHP Filter
|
2017-06-28 21:43:30 +02:00 |
|
Swissky
|
43f8367df0
|
Update Image Tragick payloads
|
2017-06-28 11:23:16 +02:00 |
|
Swissky
|
220e9cb8bd
|
FFMpeg HLS - read passwd/shadow
|
2017-06-26 21:32:10 +02:00 |
|
Swissky
|
d97cb891df
|
AWS Bucket : Listings open bucket/reading and access
|
2017-06-18 18:42:12 +02:00 |
|
Swissky
|
f131aebce4
|
SSRF updates and methodology aquatone tool
|
2017-06-17 23:20:24 +02:00 |
|
Swissky
|
7c865ab8aa
|
CVE Struts RCE + AWS ls + RCE spaceless Windows + Methodology updated
|
2017-06-05 14:57:28 +02:00 |
|
Swissky
|
2e75cbe25a
|
Git insecure files renamed + svn method added
|
2017-06-04 17:58:09 +02:00 |
|
Swissky
|
94470a2544
|
More payloads for XSS/SQL/LFI/Upload and XXE
|
2017-06-04 17:22:26 +02:00 |
|
Swissky
|
58aed12c9d
|
CRLF injection updated
|
2017-05-29 20:41:05 +02:00 |
|
Swissky
|
e89e4fd312
|
Methodology updated with RPCClient, User enumeration
|
2017-05-17 20:40:45 +02:00 |
|
Swissky
|
62f686dc1f
|
Methodology updated - Dorks, Subdomains, Nmap
|
2017-05-01 22:40:36 +02:00 |
|