mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-09-20 14:32:04 +00:00

Mirror of https://github.com/swisskyrepo/PayloadsAllTheThings

bounty bugbounty bypass cheatsheet enumeration hacking hacktoberfest methodology payload payloads penetration-testing pentest privilege-escalation redteam security vulnerability web-application

Find a file

swisskyrepo dad0a4c4c2 Fix typo in methodology		2016-11-06 16:49:33 +07:00
CRLF injection	Enumeration added and improvement for CRLF/XSS/SQL	2016-11-02 20:26:00 +07:00
CSV injection	Fix in juggling type + CSV injection	2016-10-20 10:50:12 +07:00
CVE Shellshock Heartbleed	CVE Heartbleed and Shellshcok added	2016-10-20 09:54:29 +07:00
NoSQL injection	NOSQL injection added + updates XSS/XXE	2016-10-30 18:53:32 +07:00
Open redirect	Clean project - Renamed and added PHP juggling type	2016-10-20 10:22:24 +07:00
PHP include	Methodology added, XSS payloads updated,little fix	2016-11-06 12:42:50 +07:00
PHP juggling type	Fix in juggling type + CSV injection	2016-10-20 10:50:12 +07:00
PHP serialization	PHP object injection	2016-10-20 11:02:19 +07:00
Remote commands execution	Clean project - Renamed and added PHP juggling type	2016-10-20 10:22:24 +07:00
SQL injection	Methodology added, XSS payloads updated,little fix	2016-11-06 12:42:50 +07:00
SSRF injection	Clean project - Renamed and added PHP juggling type	2016-10-20 10:22:24 +07:00
Tar commands execution	Clean project - Renamed and added PHP juggling type	2016-10-20 10:22:24 +07:00
Traversal directory	Traversal Dir files + Updates XSS	2016-10-21 06:12:00 +07:00
Upload insecure files	Clean project - Renamed and added PHP juggling type	2016-10-20 10:22:24 +07:00
XSS injection	Methodology added, XSS payloads updated,little fix	2016-11-06 12:42:50 +07:00
XXE injections	XXE renamed, little updates in SQL/Include + enum	2016-11-03 23:56:15 +07:00
.gitignore	Methodology added, XSS payloads updated,little fix	2016-11-06 12:42:50 +07:00
Methodology_and_enumeration.md	Fix typo in methodology	2016-11-06 16:49:33 +07:00
README.md	Methodology added, XSS payloads updated,little fix	2016-11-06 12:42:50 +07:00

README.md

Payloads All The Things

A list of usefull payloads and bypasses for Web Application Security Feel free to improve with your payloads and techniques ! I <3 pull requests :)

Last modifications :

XSS paylods improved
CRLF payloads improved
SQLi payloads improved
Enumeration added (WIP)

Tools

More resources

Book's list:

Web Hacking 101 - https://leanpub.com/web-hacking-101
The Web Application Hacker's Handbook - https://www.amazon.fr/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470

Blogs/Websites