admin/PayloadsAllTHINGS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,179 Commits 2 Branches 7 Tags
3ca2ecee212f892d89ea07a2bbab82e9b8c56d33
Commit Graph

90 Commits

Author SHA1 Message Date
Swissky
497fbe925b Archive external reference links via Wayback Machine 
Replace direct URLs in Markdown references with their
web.archive.org equivalents to prevent link rot.
 2026-03-09 13:02:28 +01:00
Swissky
2611dd1ba3 Markdown Linting - SQL, Juggling, XSLT, XSS, Zip 2025-03-26 20:53:03 +01:00
Swissky
32d9f7550d XPATH + XSS + XXE + XSLT 2024-11-30 21:14:51 +01:00
Swissky
0a5ecc407c Normalize page header for Web Socket, XSLT, XSS, XXE 2024-11-10 21:15:44 +01:00
Swissky
4f0e6334bd References updated for XSS + page splitted in subcategories 2024-11-08 18:23:43 +01:00
Swissky
37641d2b9e References updated for XPATH, XSLT, XXE, Web Socket 2024-11-07 23:50:30 +01:00
Swissky
6e77f624f2 Merge pull request #728 from isacaya/add_xss_bypass 
Add a few XSS filter bypass cases
 2024-11-02 15:16:46 +01:00
Swissky
9866fef5b4 Bypass CSP, technique from #715 2024-11-02 12:26:45 +01:00
Swissky
eb4795047b Merge pull request #746 from TRKBKR/master 
Added oncontentvisibilityautostatechange to XSS in hidden input
 2024-11-02 11:44:08 +01:00
Swissky
acb509d436 SVG XSS fix typo from #729 + files 2024-11-02 11:27:26 +01:00
Swissky
53ba2932ab Merge pull request #729 from noraj/patch-1 
XSS in SVG: more examples + nesting
 2024-11-02 11:21:27 +01:00
ⵟⴰⵕⵉⴽ ⴱⴰⴽⵉⵕ
faeee7270a Update README.md 
addedd contentvisibilityautostatechange_event for hidden input
 2024-10-13 23:23:07 +01:00
Swissky
3eae8d7458 Fix typo and structure 2024-09-11 17:07:51 +02:00
Swissky
1dae291696 IIS MachineKeys + CI/CD + CSPT + ORM leak 2024-08-26 11:27:47 +02:00
Alexandre ZANNI
8e05a2dd2a XSS in SVG: more examples + nesting 2024-06-19 14:54:19 +02:00
isacaya
ca3ab6eb95 Add a few XSS filter bypass cases 2024-06-19 04:21:24 +09:00
Swissky
c34a2bac15 WAF bypass moved to a separate page 2024-06-03 09:55:29 +02:00
Swissky
2e73069238 XSS Tel URI 2024-06-03 09:37:24 +02:00
dave
fcf69f8226 Add additional XSS payload in email addresses RFC5322 2024-05-31 13:27:32 +02:00
Swissky
67adf75bc2 CSP updates + Indirect Prompt Injection 2024-05-29 15:32:58 +02:00
Thomas Emerson Glucklich
49bc19e992 Update README.md 2023-11-01 11:32:31 -04:00
Swissky
b8c803717a WDAC Policy Removal + SSRF domains 2023-05-31 14:18:25 +02:00
Swissky
14cc88371d WSL + RDP Passwords + MSPaint Escape 2023-02-11 17:49:55 +01:00
Swissky
514ac98dac SSRF + XSS details + XXE BOM 2022-12-13 22:29:20 +01:00
Swissky
3e9ef2efbe ADFS Golden SAML 2022-11-07 10:10:21 +01:00
Swissky
2227472e1c .NET formatters and POP gadgets 2022-11-03 21:31:50 +01:00
Fabian S. Varon Valencia
8136e462c2 remove old link, I can't find a replacement url 2022-10-26 20:36:52 -05:00
Fabian S. Varon Valencia
3822c27634 update old url's 2022-10-26 20:36:15 -05:00
Cory Cline
a8d8434756 Shortened payload 
Make payload shorter.
 2022-10-13 19:48:20 -05:00
Cory Cline
fbed4254e5 Fixed an oops 
Somehow I deleted line 120 in a prior commit. Fixed.
 2022-10-13 18:52:07 -05:00
Cory Cline
9ee8f092cd Changed link for document.cookie blacklist 
Link was not working due to use of period in title.
 2022-10-13 18:46:52 -05:00
Cory Cline
9a42be1113 Replaced console.log with alert 
It's more common to want alert screenshots vs console screenshots.
 2022-10-13 18:45:55 -05:00
Cory Cline
f23f28c4e2 Shortened payload 
Shortened the document.cookie blacklist bypass payload.
 2022-10-13 18:43:54 -05:00
Cory Cline
5d561ea7d6 Added document.cookie blacklist bypass 
Added an alternative to document.cookie for situations when this text is blacklisted.
 2022-10-13 18:23:36 -05:00
Deep Dhakate
a670a26eea Update 2022-10-02 06:13:01 +00:00
clem9669
88134256c8 Adding brutelogic polyglot 
Adding brutelogic polyglot from blog post.
 2022-09-13 11:58:10 +00:00
its0x08
31b213227e fix: Fix more spelling 2022-08-09 11:05:40 +02:00
idealphase
6738f878f3 Updated README.md 
Added References: Bypassing Signature-Based XSS Filters: Modifying Script Code
 2022-04-19 10:45:32 +07:00
idealphase
de532030df Merge branch 'swisskyrepo:master' into master 2022-04-19 10:43:04 +07:00
Ooggle
39d1c6e7d8 Add document blacklist bypass 2022-04-09 12:55:21 +02:00
idealphase
e9eac5ca59 Update README.md 2021-11-10 22:40:40 +07:00
idealphase
6c7df7dc4e Update README.md 
Add Bypass dot filter
 2021-11-10 22:38:02 +07:00
Markus
7996b4f905 Update XSS README.md 
Remove unnecessary complexity from CSP bypass payload
 2021-10-01 16:10:23 +02:00
Lorenzo Grazian
7369ee28b3 Added XSS <object> payload 2021-09-02 15:14:29 +02:00
Swissky
1e85308ae2 Merge pull request #395 from daffainfo/patch-1 
Adding Cloudflare XSS payload
 2021-08-25 22:21:54 +02:00
Swissky
f89597725a Merge pull request #416 from Bort-Millipede/master 
Expression Language Injection One-Liners; XSS Payload; Fixed Linux Py…
 2021-08-25 22:17:53 +02:00
Alexandre ZANNI
4791962be5 document.domain, window.origin and console.log usage 2021-08-24 20:29:02 +02:00
Jeffrey Cap
9bde75b32d Expression Language Injection One-Liners; XSS Payload; Fixed Linux Python IPv6 Reverse Shell Payload 2021-08-23 14:41:40 -05:00
Swissky
87be30d3b2 DB2 Injection + ADCS 2021-08-10 23:00:19 +02:00
Xib3rR4dAr
ae98d629f0 Update README.md 
Removed duplicates.
 2021-08-04 09:29:24 +05:00