Find a file
2016-10-25 00:16:42 +07:00
CRLF injection Clean project - Renamed and added PHP juggling type 2016-10-20 10:22:24 +07:00
CSV injection Fix in juggling type + CSV injection 2016-10-20 10:50:12 +07:00
CVE Shellshock Heartbleed CVE Heartbleed and Shellshcok added 2016-10-20 09:54:29 +07:00
Open redirect Clean project - Renamed and added PHP juggling type 2016-10-20 10:22:24 +07:00
PHP include Bug SVG payload 2016-10-25 00:16:42 +07:00
PHP juggling type Fix in juggling type + CSV injection 2016-10-20 10:50:12 +07:00
PHP serialization PHP object injection 2016-10-20 11:02:19 +07:00
Remote commands execution Clean project - Renamed and added PHP juggling type 2016-10-20 10:22:24 +07:00
SQL injection Clean project - Renamed and added PHP juggling type 2016-10-20 10:22:24 +07:00
SSRF injection Clean project - Renamed and added PHP juggling type 2016-10-20 10:22:24 +07:00
Tar commands execution Clean project - Renamed and added PHP juggling type 2016-10-20 10:22:24 +07:00
Traversal directory Traversal Dir files + Updates XSS 2016-10-21 06:12:00 +07:00
Upload insecure files Clean project - Renamed and added PHP juggling type 2016-10-20 10:22:24 +07:00
XSS injection Update LFI and XSS 2016-10-25 00:15:10 +07:00
XXE files Clean project - Renamed and added PHP juggling type 2016-10-20 10:22:24 +07:00
README.md PHP object injection 2016-10-20 11:02:19 +07:00

Payloads All The Things

A list of usefull payloads and bypasses for Web Application Security Feel free to improve with your payloads (I <3 pull requests) :)

To improve:

  • RCE
  • SQL injection
  • XXE
  • SSRF
  • Upload
  • Tar command exec
  • Traversal Directory
  • XSS
  • PHP Include
  • CSV Injection
  • PHP Serialization