admin/PayloadsAllTHINGS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,179 Commits 2 Branches 7 Tags
3ca2ecee212f892d89ea07a2bbab82e9b8c56d33
Commit Graph

191 Commits

Author SHA1 Message Date
Swissky
497fbe925b Archive external reference links via Wayback Machine 
Replace direct URLs in Markdown references with their
web.archive.org equivalents to prevent link rot.
 2026-03-09 13:02:28 +01:00
Swissky
d8e749cdc5 Fix title error 2026-03-02 18:23:58 +01:00
Swissky
ae9c45f474 Fix markdown linter 2026-03-02 18:07:33 +01:00
Swissky
b60551efe9 Fix CI/CD markdown 2026-03-02 18:04:20 +01:00
Swissky
3051fc8115 Fix formatting issues in SpEL section of Java.md 2026-03-02 17:58:19 +01:00
Swissky
3c063a8616 Fix formatting for SpEL and OGNL examples in Java.md 2026-03-02 17:57:38 +01:00
Swissky
5c487edc05 Change title to 'Elixir Deserialization' and update content 
Updated the title and provided a brief overview of Server-Side Template Injection in Elixir.
 2026-03-02 17:52:24 +01:00
vladko312
dac581547e SSTI: 
- Added Elixir/EEx payloads
- Added OGNL payloads
- Clarified SpEL payloads and details
- Fixed PHP Error-Based payloads
- Added Twig Error-Based payload for CVE-2022-23614
Insecure Deserialization:
- Improved Python payloads
 2026-02-22 21:18:54 +03:00
Swissky
08b5c4c868 Unordered list style [Expected: dash; Actual: asterisk] 2026-01-03 22:50:37 +01:00
vladko312
bec6524774 SSTI: 
- Fixed NodeJS payloads
 2026-01-03 23:19:26 +03:00
vladko312
09a5f07345 SSI, SSTI: 
- Improved MarkDown
 2026-01-03 22:20:19 +03:00
Vladislav Korchagin
4831e36fb8 Merge branch 'master' into master 2026-01-03 19:06:57 +03:00
vladko312
abbbf2fc95 SSTI: 
- Fixed NodeJS payloads
 2026-01-03 18:43:24 +03:00
Swissky
d345536ff4 Fix markdown linting 2026-01-03 15:47:05 +01:00
vladko312
7fb2ff75d7 SSI: 
- Added SSTImap to the tools, as it now supports SSI detection and exploitation
SSTI:
- Added description for known detection and exploitation techniques
- Added payloads for universal detection
- Added universal payloads for different languages
- Added Error-Based and Boolean-Based payloads
- Moved SpEL payloads using `T()` to the correct category
- Moved Pug payloads to the correct language and updated info to reflect the actual name
 2026-01-03 05:20:04 +03:00
brumens
a957c3f96d Fixed markdown linting 2025-12-15 11:30:06 +01:00
brumens
5f1a39d272 Added author to research reference 2025-12-03 14:09:02 +01:00
brumens
3cf745b90c Added Jinja and Mako obf payloads 2025-12-03 14:07:37 +01:00
brumens
e2ce1c96dc Added Smarty and Twig obf payload 2025-12-03 14:05:41 +01:00
brumens
7ca2ca2a75 Added Groovy and FreeMarker obf payloads 2025-12-03 13:58:49 +01:00
brumens
52daa1d820 Updated SSTI Reference 2025-12-03 13:58:27 +01:00
Swissky
832b54fd95 Syntax Highlighting SSTI 2025-11-15 17:11:42 +01:00
n3rada
f3cdd4ff0c fix(markdown): add blank lines around fenced code blocks to satisfy MD031 2025-08-13 18:29:00 +00:00
n3rada
d04a38a67c refactor(template): rename Velocity payload variables for clarity 2025-08-13 18:14:47 +00:00
n3rada
edbf3386a3 Update Java.md 2025-07-21 18:33:56 +02:00
Swissky
f344fa50a6 Fix typo 2 2025-03-27 11:24:46 +01:00
Swissky
ab7e7390dc Fix broken links 2025-03-27 11:16:36 +01:00
Swissky
bad860d79d Markdown Linting - SSI, SSRF, SSTI 2025-03-26 17:49:42 +01:00
hacker
64b36854a7 External Variable Modification 2025-03-07 12:15:00 +01:00
Swissky
32d9f7550d XPATH + XSS + XXE + XSLT 2024-11-30 21:14:51 +01:00
Swissky
9425cec068 Handlebars - Basic Injection 2024-11-25 18:42:36 +01:00
Swissky
6bfad6a84d SSTI - SpEL 2024-11-25 13:56:29 +01:00
Swissky
a338b2f12a Normalize page header for SSTI, SAML, SSI 2024-11-10 19:14:16 +01:00
Swissky
b2bb1df9a9 References addded for SQLi, Upload, SSTI, Type Juggling 2024-11-07 20:54:16 +01:00
Swissky
138fbd97f9 Account Takeover References 2024-11-03 21:22:14 +01:00
Swissky
21dfd91180 SSTI references updates 2024-11-03 20:54:01 +01:00
Swissky
d77ef2c4fc Templating Libraries Tables 2024-11-02 17:42:18 +01:00
Alexandre ZANNI
eca0bd1b36 SSTI: engine detection 2024-11-01 22:20:50 +01:00
Swissky
6ee918b060 SSTI update 2024-10-23 14:17:18 +02:00
Swissky
7ec97bb77e SSTI - Pages splitted by technology 2024-10-23 13:59:18 +02:00
Swissky
97cfeee270 Tools Update 2024-01-21 21:39:23 +01:00
Maximilian Hildebrand
db1357bb3c Added TInjA and the Template Injection Table 
Both are novel tools to help Pentesters / Bug bounty hunters to detect template injections
 2023-12-03 13:15:47 +01:00
2h0ng
34da0e2708 Update Lodash SSTI 
Update Lodash SSTI
 2023-09-02 21:24:59 -04:00
KeoOp
598d2ca3fa Update README.md 2023-06-07 14:15:07 +08:00
Rémi GASCOU (Podalirius)
b3f98adf0c SSTI / jinja2 : Removed dot in lipsum.__globals__.["os"] 2023-05-09 20:15:02 +02:00
Rémi GASCOU (Podalirius)
9c2b040242 Adding Jinja2 RCE through lipsum in Templates 2023-05-09 18:34:35 +02:00
Tom Wilford
c1dc141e13 Added 'passthru' filter exploits 2023-04-28 14:47:59 +01:00
Swissky
a38701a7e2 MOTD + SpEL injection 2023-02-20 17:21:43 +01:00
Alexandre ZANNI
89782643c9 SSTI: add some jinja2 examples 2023-01-28 15:29:54 +01:00
Swissky
ec7c363aba Merge pull request #592 from oddrabbit/patch-1 
Added in Spring Framework SSTI Detection & Exploitation
 2022-12-28 10:55:13 +01:00