Mirrors/PayloadsAllTheThings

mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-12 14:22:47 +00:00

Author	SHA1	Message	Date
Swissky	85a50869f2	Merge pull request #482 from khiemtq-cyber/xss/angular-xss-1 [update] Angular XSS payload	2022-04-18 21:01:44 +02:00
Ooggle	39d1c6e7d8	Add document blacklist bypass	2022-04-09 12:55:21 +02:00
ktq-cyber	5d898e004f	[update] Angular XSS payload	2022-02-23 22:26:16 +07:00
Philippe Arteau	9d30f792d4	Remove filename with special characters. The filename are already covered in `XSS Injection/README.md`	2021-10-29 12:56:55 -04:00
Philippe Arteau	16986febde	Remove filename with special characters. The filename are already covered in `XSS Injection/README.md`	2021-10-29 12:56:41 -04:00
Philippe Arteau	7443da045a	Remove filename with special characters. The filename are already covered in `XSS Injection/README.md`	2021-10-29 12:56:25 -04:00
Markus	7996b4f905	Update XSS README.md Remove unnecessary complexity from CSP bypass payload	2021-10-01 16:10:23 +02:00
Lorenzo Grazian	7369ee28b3	Added XSS <object> payload	2021-09-02 15:14:29 +02:00
Swissky	1e85308ae2	Merge pull request #395 from daffainfo/patch-1 Adding Cloudflare XSS payload	2021-08-25 22:21:54 +02:00
Swissky	f89597725a	Merge pull request #416 from Bort-Millipede/master Expression Language Injection One-Liners; XSS Payload; Fixed Linux Py…	2021-08-25 22:17:53 +02:00
Alexandre ZANNI	4791962be5	document.domain, window.origin and console.log usage	2021-08-24 20:29:02 +02:00
Jeffrey Cap	9bde75b32d	Expression Language Injection One-Liners; XSS Payload; Fixed Linux Python IPv6 Reverse Shell Payload	2021-08-23 14:41:40 -05:00
Swissky	87be30d3b2	DB2 Injection + ADCS	2021-08-10 23:00:19 +02:00
Xib3rR4dAr	ae98d629f0	Update README.md Removed duplicates.	2021-08-04 09:29:24 +05:00
Swissky	1fd9260d1e	Update README.md	2021-07-31 11:28:23 +02:00
c14dd49h	ee12f8e480	Update README.md	2021-07-22 16:55:03 +02:00
c14dd49h	eddc716d8c	Update README.md	2021-07-22 14:47:36 +02:00
Muhammad Daffa	2b6c3cb360	Adding Cloudflare XSS payload	2021-07-15 12:48:02 +07:00
PinkDev1	21c1690adf	Fixed typo on "Tips" section	2021-06-16 19:24:17 +00:00
Swissky	62b897c936	Merge pull request #376 from noraj/patch-2 XSS: add quick tips for bXSS	2021-06-16 13:56:29 +02:00
Alexandre ZANNI	c469236204	XSS: add quick tips for bXSS	2021-06-16 13:25:46 +02:00
Alexandre ZANNI	8547ac7dfc	XSS: remove bluelotus the project is empty	2021-06-16 13:18:08 +02:00
Swissky	08b59f2856	AD update CME+DCOM	2021-04-21 22:27:07 +02:00
linoskoczek	825295e465	Update README.md Fix broken links in Summary	2021-03-18 19:16:59 +00:00
lapolis_aka_blu	6f758ba6c0	Added closing bracket in unicode full width bypass Yeah I know it is logic to use it if you really need the closing tag. But having both brackets in your repo makes it quicker to copy paste :D	2021-01-15 16:38:51 +00:00
Swissky	f7e8f515a5	Application Escape and Breakout	2020-12-17 08:56:58 +01:00
Max Boll	2a65064d15	little update	2020-10-27 14:10:35 +01:00
Max Boll	350c55a1ac	XSS Tools added	2020-10-27 13:31:37 +01:00
Vincent Gilles	0b90094002	Fix(Docs): Correcting typos on the repo	2020-10-17 22:52:35 +02:00
Max Rodrigo	2f40961990	Fix PHP XSS data collector line breaks	2020-09-05 10:36:58 +02:00
Viren Pawar	0266a7dd67	[Update] Added 1 payload Added one payload which executes without any usage of single or double quotes. Helpful when you have AngularJS injection but quotes are blocked by application. Working proof of payload here: https://portswigger-labs.net/xss/angularjs.php?type=reflected&csp=0&version=1.6.0&x={{x=valueOf.name.constructor.fromCharCode;constructor.constructor(x(97,108,101,114,116,40,49,41))()}}	2020-08-15 16:29:13 +05:30
Swissky	c7e3ea005e	Powershell Remoting	2020-08-09 12:15:56 +02:00
Swissky	dd40ddd233	XSS summary subentries + GraphTCP	2020-07-12 14:44:33 +02:00
looCiprian	93a372cea4	Add jsfuck bypassing method to xss cheat sheet	2020-06-23 18:34:02 +02:00
reza.duty	010b550dec	Update README.md	2020-06-17 11:42:26 +04:30
reza.duty	03a0bda20d	Update README.md	2020-06-09 20:05:32 +04:30
Swissky	7f1c150edd	Mimikatz Summary	2020-05-10 16:17:10 +02:00
Thomas Orlita	d0bb0f6f5b	Update CSP Evaluator blog link	2020-05-10 10:32:51 +02:00
reza.duty	eb28e4c28d	add Self Closing Script	2020-05-06 22:57:55 +04:30
Swissky	5163ef902c	XSS Google Scholar Payload + Skeleton Key Persistence	2020-05-03 16:28:17 +02:00
Swissky	e9b296adb3	DoyenSec Payloads XSS Google Scholar	2020-05-02 14:31:33 +02:00
bohdansec	c4af354d8f	Update Cloudflare XSS bypasses Add 3 bypasses by Bohdan Korzhynskyi. Update twitter	2020-04-22 00:51:36 +03:00
Çlirim Emini	d3ce3924a9	Create 0xcela_event_handlers.txt	2020-01-15 17:00:26 +01:00
Kyle Martin	e95b0c34a3	clarify AngularJS vs Angular	2019-12-07 10:54:47 +13:00
clem9669	286f7caaa3	Bypass XSS filters on alert Bypass XSS filters using javascript global variables based on the following article https://www.secjuice.com/bypass-xss-filters-using-javascript-global-variables/ from theMiddle.	2019-12-03 15:24:24 +01:00
Minh Triet Pham Tran	f44d014fc2	Copy this -> Cut this Change copy to cut instruction	2019-12-02 12:59:54 +07:00
Swissky	f6d5221a85	SID history break trust + Powershell history + SCF files	2019-11-07 23:21:00 +01:00
Swissky	6fecedd880	MXSS - Mutated XSS - Google POC	2019-11-06 18:32:29 +01:00
nizam0906	ab341cff38	Updated Blind XSS endpoint * User Agent * Comment Box	2019-10-28 16:51:36 +05:30
nizam0906	aef5bb864a	Update jsonp_endpoint.txt Added 3 yahoo jsonp endpoints * https://ads.yap.yahoo.com/nosdk/wj/v1/getAds.do?cb=alert(1337) * https://mempf.yahoo.co.jp/offer?position=h&callback=alert(1337) * https://suggest-shop.yahooapis.jp/Shopping/Suggest/V1/suggester?callback=alert(1)//&appid=dj0zaiZpPVkwMDJ1RHlqOEdwdCZzPWNvbnN1bWVyc2VjcmV0Jng9M2Y-	2019-10-25 22:27:16 +05:30

1 2

65 commits