admin/PayloadsAllTHINGS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Commit Graph

  • 8ff2aa8aff Merge pull request #39 from n3v4/master Swissky 2019-02-07 14:01:43 +01:00
  • 90db8b0f11 Update exif_imagetype bypass Vladislav Nechakhin 2019-02-07 14:59:22 +07:00
  • 7877647db1 Update exif_imagetype bypass Vladislav Nechakhin 2019-02-07 14:51:03 +07:00
  • 357f8a69a8 Merge pull request #38 from n3v4/master Swissky 2019-02-02 11:36:22 +01:00
  • b30ac4e5bb Add exif_imagetype bypass Vladislav Nechakhin 2019-02-02 17:29:04 +07:00
  • ffde81e2c0 Merge pull request #37 from marcan2020/patch-1 Swissky 2019-01-29 23:14:09 +01:00
  • 7068cb6edc Update MSSQL Command execution marcan2020 2019-01-29 15:25:25 -05:00
  • 20bf52eb6a Bugfix 3 - removing the "-" in SSRF Swissky 2019-01-28 20:35:28 +01:00
  • 1f502ce20d Bugfix 2 - Fixing git mess Swissky 2019-01-28 20:32:43 +01:00
  • b9f2fe367c Bugfix - Errors in stashed changes Swissky 2019-01-28 20:27:45 +01:00
  • cd2d76d538 Merge pull request #36 from ThunderSon/patch-1 Swissky 2019-01-28 08:16:38 +01:00
  • 99857a714f fead: add powerless repo to the tools ThunderSon 2019-01-27 20:13:06 +02:00
  • e07a654080 Command injection renamed + sudo/doas privesc Swissky 2019-01-22 21:45:41 +01:00
  • 4db45a263a MSSQL union based + Windows Runas Swissky 2019-01-20 16:41:46 +01:00
  • 22c82cb277 Merge pull request #35 from noraj/patch-1 Swissky 2019-01-17 19:54:37 +01:00
  • ab6535c6d9 Bugfix picture SSRF Swissky 2019-01-13 22:28:49 +01:00
  • 1547338f84 SSRF exploitation and minor rewritting Swissky 2019-01-13 22:27:11 +01:00
  • 3bcd3d1b3c SUID & Capabilities Swissky 2019-01-13 22:05:39 +01:00
  • 0070ac5dc4 Phar PHP shell files Swissky 2019-01-10 22:36:30 +01:00
  • c7a292c19d XSS using base64 encoded href data in a link Alexandre ZANNI 2019-01-10 18:24:43 +01:00
  • ea0bddc18a Windows RCE wildcard + XSS UI redressing Swissky 2019-01-08 20:49:05 +01:00
  • 2e3aef1a19 Shell IPv6 + Sandbox credential Swissky 2019-01-07 18:15:45 +01:00
  • 8b39647de6 AWS S3 and Open redirect rewritten Swissky 2018-12-29 13:05:29 +01:00
  • 67c644a300 Directory traversal / File inclusion rewritten Swissky 2018-12-28 00:27:15 +01:00
  • e480c9358d SQL wildcard '_' + CSV injection reverse shell Swissky 2018-12-26 01:02:17 +01:00
  • bd97c0be86 README update + Typo fix in Active Directory Swissky 2018-12-25 20:41:43 +01:00
  • d57d59eca7 NTLMv2 hash capturing, cracking, replaying Swissky 2018-12-25 20:35:39 +01:00
  • d5478d1fd6 AWS Pacu and sections + Kerberoasting details Swissky 2018-12-25 19:38:37 +01:00
  • 82d4ff6c1d References added based on @ngalongc bug-bounty-references Swissky 2018-12-25 16:10:15 +01:00
  • b9efdb52d3 Linux - PrivEsc - First draft Swissky 2018-12-25 15:51:11 +01:00
  • 38c3bfbd9f Windows Priv Esc - Unquoted Path, Password looting and Powershell version Swissky 2018-12-25 15:19:45 +01:00
  • cdc3b5e080 XXE references + summary Swissky 2018-12-25 12:08:32 +01:00
  • c25af52316 Blind XSS Angular JS Swissky 2018-12-24 15:09:43 +01:00
  • a6475a19d9 Adding references sectio Swissky 2018-12-24 15:02:50 +01:00
  • 9c529535a5 CSRF - Fix image Swissky 2018-12-24 14:17:49 +01:00
  • 9c878f9b09 CSRF - First draft Swissky 2018-12-24 14:14:51 +01:00
  • b4aff1a826 Architecture - Files/Intruder/Images and README + template Swissky 2018-12-23 00:45:45 +01:00
  • e096d10a30 Merge pull request #34 from Fisjkars/master Swissky 2018-12-18 14:03:22 +01:00
  • b59e24312e Update Springboot readme Maxime Escourbiac 2018-12-18 11:18:50 +01:00
  • 5b7a3a95d3 Add Springboot Actuator management interface Fisjkars 2018-12-18 11:05:15 +01:00
  • 69c1d601fa Kerberoasting + SQLmap write SSH key Swissky 2018-12-15 00:51:33 +01:00
  • 8403068681 Merge pull request #32 from Meatballs1/Meatballs1-patch-1 Swissky 2018-12-14 10:25:04 +03:00
  • 20c6bb2299 Update httpd.conf Meatballs1 2018-12-14 00:03:50 +00:00
  • 1d6b34ace5 Create README.md Meatballs1 2018-12-14 00:02:58 +00:00
  • f1fec1c952 Create shellymcshellface.sh Meatballs1 2018-12-13 23:58:24 +00:00
  • 1e4e04831b Create httpd.conf Meatballs1 2018-12-13 23:56:10 +00:00
  • 68325c8b98 Insecure deserialization Python Swissky 2018-11-27 23:04:17 +01:00
  • c8d7575ba3 Minor edit in deserialization PHP and type juggling Swissky 2018-11-26 23:35:43 +01:00
  • 521d61d956 Attacks details + Summary JWT + XXE adjustments Swissky 2018-11-26 00:25:06 +01:00
  • 928a454531 Blind XSS endpoint + SSRF Google + Nmap subdomains Swissky 2018-11-25 15:44:17 +01:00
  • b34cff5a74 XXE in docx, pptx, .. : Open XML files Swissky 2018-11-24 15:50:43 +01:00
  • 1225a9a23d Metasploit Cheatsheet Swissky 2018-11-24 15:32:44 +01:00
  • 565b40d177 reGeorg + Meterpreter socks + S3 trick name Swissky 2018-11-24 13:49:08 +01:00
  • 0309a2efbd Merge pull request #30 from m-veljkovic/master Swissky 2018-11-19 14:01:44 +01:00
  • 59d0020c86 Update README.md Milan Veljkovic 2018-11-19 12:45:01 +01:00
  • a0f8e846fa Blind XSS - XSS Hunter, Sleepy Puppy etc Swissky 2018-11-18 15:37:01 +01:00
  • fd99da6c06 Insecure source code - harvesting secrets Swissky 2018-11-18 14:12:05 +01:00
  • 5c1d025b03 README - CVE update Swissky 2018-11-18 13:40:47 +01:00
  • 7096b813ec Insecure direct object references - IDOR Swissky 2018-11-17 17:08:46 +01:00
  • 182db99e13 Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings Swissky 2018-11-17 14:41:40 +01:00
  • 3522d9a674 Files JPEG -> JPG + Tag v2 2.0 Swissky 2018-11-17 14:40:12 +01:00
  • 133518a78b Merge pull request #28 from om3rcitak/patch-1 Swissky 2018-11-16 13:49:35 +01:00
  • 081df9b24d add new attack patterns from Daniel miessler omer citak 2018-11-16 14:45:51 +03:00
  • af9abc6592 More CVE - RCE : Jenkins, JBoss, WebLogic, WebSphere Swissky 2018-11-15 23:13:08 +01:00
  • 15fe34052b Ruby Deserialization Swissky 2018-11-13 23:38:40 +01:00
  • d181ff4e79 Deserialization - merging Java, PHP Swissky 2018-11-13 23:25:18 +01:00
  • ddfdc51e68 Credit fix - WAF bypass Swissky 2018-11-09 12:43:30 +01:00
  • 1b2ee3e67a Subdomain enumeration - New Aquatone (Go) Swissky 2018-11-05 13:45:52 +01:00
  • 6bcb43e39c LDAP fix typo + LDAP attributes + LFI filter chaining Swissky 2018-11-02 13:50:56 +01:00
  • 86db6b7f6f Polyglot XSS from @filedescriptor's Polyglot Challenge Swissky 2018-10-31 23:41:11 +01:00
  • 4b7fe437a5 LDAP userPassword attribute Swissky 2018-10-31 22:34:10 +01:00
  • add00c7357 JWT JSON Web Token + SSI files Swissky 2018-10-29 22:22:10 +01:00
  • 7b919e4492 AWS cp files and grant access with ACL Swissky 2018-10-20 17:03:13 +02:00
  • f1eefd2722 Script Docker RCE Swissky 2018-10-18 17:32:01 +02:00
  • f8019e2234 Merge pull request #27 from timwis/patch-1 Swissky 2018-10-11 09:09:42 +02:00
  • 4f6841ed17 Remove gender-specific pronoun for attacker Tim Wisniewski 2018-10-10 23:54:18 -04:00
  • ea1c3a7ccb Merge pull request #26 from Techbrunch/patch-1 Swissky 2018-10-08 23:02:35 +02:00
  • 78103d13a1 Add Rancher Metadata Service Techbrunch 2018-10-08 21:46:57 +02:00
  • 35d4139373 WebCache param miner file + Reverse shell Python TTY Swissky 2018-10-08 13:49:50 +02:00
  • 869b29195b SQLmap --crawl, --form Swissky 2018-10-04 19:59:11 +02:00
  • f0a8b6f8b8 Koadic cheatsheet renamed to "Windows - Post Exploitation" Swissky 2018-10-04 17:39:55 +02:00
  • 9ebf2057c5 Koadic Cheatsheet + Linux persistence in startup .desktop file Swissky 2018-10-04 17:35:57 +02:00
  • 747f1d172c Reverse shell python for Windows + Lua + Awk Swissky 2018-10-02 17:17:03 +02:00
  • 824d8c370b Bugfix README + Can I take over xyz Swissky 2018-10-02 16:57:01 +02:00
  • 1c5f8889bd Network Discovery and Subdomains enumerations Swissky 2018-10-02 16:17:16 +02:00
  • b315252c89 LFI - Intruder files (Windows,Linux,Logs...) Swissky 2018-10-01 17:11:51 +02:00
  • a3975ab261 SQLmap TOR + Cookie + Proxy Swissky 2018-10-01 16:03:07 +02:00
  • 7b49f1b13a PHP Serialization - phpggc Swissky 2018-10-01 12:30:14 +02:00
  • 6ca5ff1703 PHP Serialization Auth Bypass - Merge pull request #25 from noraj/patch-2 Swissky 2018-09-26 18:04:08 +02:00
  • 3cf806c8ff 2nd unserialize payload Alexandre ZANNI 2018-09-26 00:13:19 +02:00
  • d49e40b1b2 add auth bypass Alexandre ZANNI 2018-09-25 23:59:29 +02:00
  • 1a1a48c725 Web Cache Deception details from SI9INT's blogpost Swissky 2018-09-23 20:07:19 +02:00
  • 8bef006d7f MSSQL Comments - Merge pull request #24 from Margular/patch-1 Swissky 2018-09-22 23:12:23 +02:00
  • 20c1e5c075 add comments 时雨 2018-09-23 02:30:03 +08:00
  • cce0444245 SQL injection - Intruders payloads Swissky 2018-09-21 18:44:32 +02:00
  • 699d66d701 Merge pull request #23 from noraj/patch-1 Swissky 2018-09-21 18:42:32 +02:00
  • a1eb693270 routed injection in ToC Alexandre ZANNI 2018-09-20 23:52:07 +02:00
  • 7a80647e63 Raw MD5 SQL injection + SSH Konami Code Swissky 2018-09-10 23:12:29 +02:00
  • 2a080f82e6 Cassandra SQL + XSS MD + PHP Type Juggling Swissky 2018-09-10 20:40:43 +02:00
  • 90f4c3634e PDF JS Swissky 2018-09-06 20:28:30 +02:00