Commit Graph

103 Commits

Author SHA1 Message Date
Swissky
497fbe925b Archive external reference links via Wayback Machine
Replace direct URLs in Markdown references with their
web.archive.org equivalents to prevent link rot.
2026-03-09 13:02:28 +01:00
Swissky
08b5c4c868 Unordered list style [Expected: dash; Actual: asterisk] 2026-01-03 22:50:37 +01:00
vladko312
09a5f07345 SSI, SSTI:
- Improved Markdown
2026-01-03 22:20:19 +03:00
Vladislav Korchagin
4831e36fb8 Merge branch 'master' into master 2026-01-03 19:06:57 +03:00
vladko312
7fb2ff75d7 SSI:
- Added SSTImap to the tools, as it now supports SSI detection and exploitation
SSTI:
- Added description for known detection and exploitation techniques
- Added payloads for universal detection
- Added universal payloads for different languages
- Added Error-Based and Boolean-Based payloads
- Moved SpEL payloads using `T()` to the correct category
- Moved Pug payloads to the correct language and updated info to reflect the actual name
2026-01-03 05:20:04 +03:00
brumens
a957c3f96d Fixed markdown linting 2025-12-15 11:30:06 +01:00
brumens
52daa1d820 Updated SSTI Reference 2025-12-03 13:58:27 +01:00
Swissky
bad860d79d Markdown Linting - SSI, SSRF, SSTI 2025-03-26 17:49:42 +01:00
Swissky
a338b2f12a Normalize page header for SSTI, SAML, SSI 2024-11-10 19:14:16 +01:00
Swissky
138fbd97f9 Account Takeover References 2024-11-03 21:22:14 +01:00
Swissky
21dfd91180 SSTI references updates 2024-11-03 20:54:01 +01:00
Swissky
d77ef2c4fc Templating Libraries Tables 2024-11-02 17:42:18 +01:00
Alexandre ZANNI
eca0bd1b36 SSTI: engine detection 2024-11-01 22:20:50 +01:00
Swissky
6ee918b060 SSTI update 2024-10-23 14:17:18 +02:00
Swissky
7ec97bb77e SSTI - Pages split by technology 2024-10-23 13:59:18 +02:00
Swissky
97cfeee270 Tools Update 2024-01-21 21:39:23 +01:00
Maximilian Hildebrand
db1357bb3c Added TInjA and the Template Injection Table
Both are novel tools to help Pentesters / Bug bounty hunters to detect template injections
2023-12-03 13:15:47 +01:00
2h0ng
34da0e2708 Update Lodash SSTI
Update Lodash SSTI
2023-09-02 21:24:59 -04:00
KeoOp
598d2ca3fa Update README.md 2023-06-07 14:15:07 +08:00
Rémi GASCOU (Podalirius)
b3f98adf0c SSTI / jinja2 : Removed dot in lipsum.__globals__.["os"] 2023-05-09 20:15:02 +02:00
Rémi GASCOU (Podalirius)
9c2b040242 Adding Jinja2 RCE through lipsum in Templates 2023-05-09 18:34:35 +02:00
Tom Wilford
c1dc141e13 Added 'passthru' filter exploits 2023-04-28 14:47:59 +01:00
Swissky
a38701a7e2 MOTD + SpEL injection 2023-02-20 17:21:43 +01:00
Alexandre ZANNI
89782643c9 SSTI: add some jinja2 examples 2023-01-28 15:29:54 +01:00
Swissky
ec7c363aba Merge pull request #592 from oddrabbit/patch-1
Added in Spring Framework SSTI Detection & Exploitation
2022-12-28 10:55:13 +01:00
Swissky
996c83bb4b Update README.md 2022-12-28 10:54:48 +01:00
Swissky
f318f8bcc0 Update README.md 2022-12-27 18:26:13 +01:00
Aur0ra
29c23ac7fd Update README.md 2022-12-27 18:30:20 +08:00
OddRabbit
b672771a1b Update README.md 2022-10-28 00:07:26 +11:00
Fabian S. Varon Valencia
8136e462c2 remove old link, I can't find a replacement url 2022-10-26 20:36:52 -05:00
Fabian S. Varon Valencia
3822c27634 update old URLs 2022-10-26 20:36:15 -05:00
Swissky
8df30de938 Remove deadlink 2022-10-21 12:16:32 +02:00
Urmalveer Singh
4e5521deae Fix: Broken Link
Changed name in summary links: Django Template > Django Templates
Fixed corresponding link: #django-template > #django-templates
2022-10-18 14:38:10 +05:30
Swissky
6dd5c18b45 Normalize Titles 2022-10-12 12:13:55 +02:00
Swissky
4ed3e3b6b9 Blind SSTI Jinja 2022-10-02 12:24:39 +02:00
Alexandre ZANNI
3e68276fb7 add 3 template engines + add lang in menu 2022-09-21 11:28:57 +02:00
Swissky
e11a37e6a2 Merge pull request #515 from vladko312/patch-1
Added a new SSTI tool
2022-09-07 14:01:09 +02:00
Techbrunch
7850928d41 Add detection 2022-08-30 13:54:59 +02:00
Techbrunch
871b3bcaf2 Add Django Templates SSTI 2022-08-30 13:50:03 +02:00
Wlayzz
961d935623 Update java ssti
fix little inattention
2022-08-19 16:22:39 +02:00
Wlayzz
8d70f262ae Update Java SSTI
Adding variable expressions alternative for java injection
2022-08-19 15:04:52 +02:00
Swissky
6650c361e7 Capture a network trace with builtin tools 2022-08-15 15:02:29 +02:00
Swissky
683167d4e9 Merge pull request #521 from mh4ckt3mh4ckt1c4s/ssti-detection
Add SSTI detection payload + related resource
2022-08-09 22:09:15 +02:00
its0x08
fc1f3b25a7 fix: Fix spelling 2022-08-09 11:02:21 +02:00
mh4ckt3mh4ckt1c4s
9d274a39a4 Add SSTI detection payload + related resource 2022-08-05 20:05:20 +02:00
s. vewa
33d632df4e Twig in WordPress
Was very unsuccessful with the given Twig examples, quotes were escaped so got invalid, file_excerpt threw an error, too. Include and also injecting the file name helped. Don't know if this is a WordPress thing...
2022-07-24 12:30:09 +02:00
Vladislav Korchagin
7b79bce819 Update README.md 2022-07-17 18:35:59 +03:00
0x-nope
59cae2ddb4 Update README.md 2022-04-20 09:42:58 +02:00
0x-nope
3db4d04467 added Groovy EL section 2022-03-04 17:39:28 +01:00
ahronmoshe
a26867fdf9 Update README.md 2021-10-26 20:35:04 +03:00