mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-11-10 07:04:22 +00:00

Mirror of https://github.com/swisskyrepo/PayloadsAllTheThings

bounty bugbounty bypass cheatsheet enumeration hacking hacktoberfest methodology payload payloads penetration-testing pentest privilege-escalation redteam security vulnerability web-application

Find a file

swisskyrepo 2fa9683b8c Updated XSS,SQL,RCE		2016-11-17 10:50:34 +07:00
AWS Amazon Bucket S3	AWS added, XSS and methodology update	2016-11-11 16:03:35 +07:00
CRLF injection	Enumeration added and improvement for CRLF/XSS/SQL	2016-11-02 20:26:00 +07:00
CSV injection	Fix in juggling type + CSV injection	2016-10-20 10:50:12 +07:00
CVE Shellshock Heartbleed	CVE Heartbleed and Shellshcok added	2016-10-20 09:54:29 +07:00
NoSQL injection	NOSQL injection added + updates XSS/XXE	2016-10-30 18:53:32 +07:00
Open redirect	Clean project - Renamed and added PHP juggling type	2016-10-20 10:22:24 +07:00
PHP include	Methodology added, XSS payloads updated,little fix	2016-11-06 12:42:50 +07:00
PHP juggling type	Fix in juggling type + CSV injection	2016-10-20 10:50:12 +07:00
PHP serialization	PHP object injection	2016-10-20 11:02:19 +07:00
Remote commands execution	Updated XSS,SQL,RCE	2016-11-17 10:50:34 +07:00
SQL injection	Updated XSS,SQL,RCE	2016-11-17 10:50:34 +07:00
SSRF injection	Clean project - Renamed and added PHP juggling type	2016-10-20 10:22:24 +07:00
Tar commands execution	Clean project - Renamed and added PHP juggling type	2016-10-20 10:22:24 +07:00
Traversal directory	Traversal Dir files + Updates XSS	2016-10-21 06:12:00 +07:00
Upload insecure files	Clean project - Renamed and added PHP juggling type	2016-10-20 10:22:24 +07:00
XSS injection	Updated XSS,SQL,RCE	2016-11-17 10:50:34 +07:00
XXE injections	XXE renamed, little updates in SQL/Include + enum	2016-11-03 23:56:15 +07:00
.gitignore	Methodology added, XSS payloads updated,little fix	2016-11-06 12:42:50 +07:00
Methodology_and_enumeration.md	AWS added, XSS and methodology update	2016-11-11 16:03:35 +07:00
README.md	Update RCE payloads and README	2016-11-12 00:17:33 +07:00

README.md

Payloads All The Things

A list of usefull payloads and bypasses for Web Application Security Feel free to improve with your payloads and techniques ! I <3 pull requests :)

Last modifications :

XSS paylods improved
Methodology added
AWS Bucket added

Tools

More resources

Book's list:

Web Hacking 101 - https://leanpub.com/web-hacking-101
The Web Application Hacker's Handbook - https://www.amazon.fr/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470

Blogs/Websites