Mirrors/PayloadsAllTheThings

mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-14 07:12:54 +00:00

Author	SHA1	Message	Date
FatEarthler	975dde665a	added 'xss_alert_identifiable.txt' same as 'xss_alert.txt', but with identifiable payloads (e.g. alert(1992) instead of just alert(1)). This is useful in case of stored xss, when you inject all the payloads and then need to identify which payloads were successful.	2024-09-14 22:14:45 +02:00
Swissky	c5802aad67	Fix uppercase links and anchor	2024-09-13 22:43:18 +02:00
Swissky	541d89be64	Fix broken pictures	2024-09-13 21:59:29 +02:00
Swissky	3eae8d7458	Fix typo and structure	2024-09-11 17:07:51 +02:00
Swissky	99f3557415	Randomness mt_rand + Analytics	2024-09-06 21:59:41 +02:00
Swissky	1dae291696	IIS MachineKeys + CI/CD + CSPT + ORM leak	2024-08-26 11:27:47 +02:00
Swissky	314e4da963	SSRF DNS AXFR + LFI PHAR payloads + LFI iconv	2024-06-16 21:17:42 +02:00
Swissky	7e4a38a1a5	Merge pull request #725 from masquerad3r/master Create port_swigger_xss_cheatsheet_event_handlers.txt	2024-06-06 17:52:33 +02:00
masquerad3r	eca067dd7e	Create port_swigger_xss_cheatsheet_event_handlers.txt Updated list of event handlers taken from https://portswigger.net/web-security/cross-site-scripting/cheat-sheet#event-handlers. Useful when the context of reflection is an HTML attribute and one quickly wants to check which attributes are reflected unfiltered by the target application.	2024-06-06 10:46:13 +02:00
Swissky	c34a2bac15	WAF bypass moved to a separate page	2024-06-03 09:55:29 +02:00
Swissky	2e73069238	XSS Tel URI	2024-06-03 09:37:24 +02:00
Swissky	6d3fef0df3	Merge pull request #723 from cydave/master Add additional XSS payload in email addresses RFC5322	2024-06-02 11:25:45 +02:00
Swissky	cb69cecd11	Merge pull request #721 from MarkCyber/master DBMS Identification Via Error	2024-06-02 11:23:13 +02:00
Swissky	25c94f809a	Uniqid + reset-tolkien and sandwich attack	2024-05-31 16:31:23 +02:00
dave	fcf69f8226	Add additional XSS payload in email addresses RFC5322	2024-05-31 13:27:32 +02:00
Swissky	b5251a673f	XSLT payloads + Headless Browser	2024-05-31 00:07:21 +02:00
Swissky	ded1d95735	ASP Cookieless + ReDOS backtrack	2024-05-29 23:23:51 +02:00
Swissky	67adf75bc2	CSP updates + Indirect Prompt Injection	2024-05-29 15:32:58 +02:00
Mark	c3af630e1d	Update README.md	2024-05-26 10:40:54 -04:00
Mark	867f243100	Update README.md	2024-05-26 10:32:01 -04:00
Swissky	f723bcbf8a	Merge pull request #718 from idealphase/master Update Ruby.md	2024-05-05 13:08:50 +02:00
Swissky	670b301b1c	Merge pull request #717 from nojanath/master Fix link to SecLists/content-type.txt	2024-05-05 13:07:57 +02:00
idealphase	33d9e24bed	Update Ruby.md Change from the invalid 404 URL to the valid one. (https://pentesterlab.com/exercises/ruby_ugadget/course)	2024-05-05 16:16:36 +07:00
Jonathan Thompson	7a68102a3c	Fix link to SecLists/content-type.txt	2024-05-04 11:12:54 -07:00
Swissky	53d9014b2b	Regular Expression ReDoS	2024-04-25 17:37:16 +02:00
Swissky	43a8c6a037	Adding socials buttons	2024-04-24 22:02:04 +02:00
Swissky	b245d3cbdd	Mkdocs accessibility and search improvement	2024-04-15 21:20:02 +02:00
Swissky	293723d49d	Merge pull request #712 from bsysop/patch-4 Adding "Hetzner Cloud" to the Summary	2024-04-05 18:55:52 +02:00
bsysop	dc461f170e	Adding "Hetzner Cloud" to the Summary	2024-04-05 11:55:54 -03:00
Swissky	9571306b9f	Merge pull request #711 from bsysop/patch-3 Adding Hetzner Cloud Metadata URL	2024-04-05 15:53:05 +02:00
bsysop	3c9fdec3da	Adding Hetzner Cloud Metadata URL https://docs.hetzner.cloud/#server-metadata	2024-04-04 23:43:34 -03:00
Swissky	80dda8beeb	Merge pull request #710 from mohnad-0b/patch-1 Update SQLite Injection.md	2024-04-03 18:15:31 +02:00
Swissky	8ef458db2a	Merge pull request #708 from xplo1t-sec/master bypass techniques added	2024-04-03 18:15:03 +02:00
mohnad banat	d834abe43c	Update SQLite Injection.md Since sqlite version 3.33.0, sqlite_schema has been replaced by sqlite_master.	2024-04-01 20:46:09 +03:00
Swissky	b19dc0626a	CICD - Mkdocs fixed the fonts problem	2024-03-31 16:03:48 +02:00
Swissky	55afcb12fb	Removing social plugins from Mkdocs	2024-03-30 13:20:56 +01:00
Swissky	9cabd995fb	Merge pull request #709 from mpgn/master switch to nxc as cme is archived	2024-03-29 22:36:26 +01:00
mpgn	0d98284034	switch to nxc as cme is archived	2024-03-29 21:22:18 +00:00
xplo1t-sec	033982dc30	bypass techniques added	2024-03-09 21:46:33 +05:30
Swissky	dd2b68b70e	PHP Deserialization + API keys table typo	2024-02-18 15:29:21 +01:00
Swissky	97cfeee270	Tools Update	2024-01-21 21:39:23 +01:00
Swissky	12c6531ad2	README - Update links to Internal All The Things	2024-01-12 16:18:36 +01:00
Swissky	c852118ec8	Web Cache Deception + phpt file format	2024-01-11 12:20:25 +01:00
Swissky	4b77292aeb	Merge pull request #704 from therealtoastycat/patch-1 Adding reverse shell payload for OGNL	2024-01-05 15:45:19 +01:00
ToastyCat	05f441accf	Update Reverse Shell Cheatsheet.md adding details	2024-01-05 10:25:39 +01:00
Swissky	c6f96f7b2a	Merge pull request #703 from Aftab700/JSON-Prototype-Pollution adding the payload for Polluting the prototype via the `constructor` property in JSON input	2024-01-05 10:24:16 +01:00
Swissky	f96c1e4356	Merge pull request #701 from Vunnm/patch-1 specify condition to perform Angular JS Injection	2024-01-05 10:23:50 +01:00
ToastyCat	3d9363fdc9	Adding reverse shell payload for OGNL	2024-01-05 09:50:43 +01:00
Aftab Sama	08063f0830	adding the payload for Polluting the prototype via the `constructor` property in JSON input Somtimes `__proto__` property may not work, so adding the payload for Polluting the prototype via the `constructor` property in JSON input	2024-01-03 17:24:28 +05:30
Vunnm	27d19813f8	specify condition to perform Angular JS Injection Indicate that ng-app in a root element is needed to inject Angular JS template. Injecting below payload without a root element with ng-app will not result in a successful injection	2023-12-28 13:30:49 +01:00

1 2 3 4 5 ...

1934 commits