admin/PayloadsAllTHINGS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
16 Commits 2 Branches 7 Tags
bce6dc6d3dd132d070663d440d15b1d1f5d0f739
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
swisskyrepo bce6dc6d3d Clean project - Renamed and added PHP juggling type
2016-10-20 10:22:24 +07:00
CRLF injection
Clean project - Renamed and added PHP juggling type
2016-10-20 10:22:24 +07:00
CSV injection
Clean project - Renamed and added PHP juggling type
2016-10-20 10:22:24 +07:00
CVE Shellshock Heartbleed
CVE Heartbleed and Shellshcok added
2016-10-20 09:54:29 +07:00
Open redirect
Clean project - Renamed and added PHP juggling type
2016-10-20 10:22:24 +07:00
PHP include
Clean project - Renamed and added PHP juggling type
2016-10-20 10:22:24 +07:00
PHP juggling type
Clean project - Renamed and added PHP juggling type
2016-10-20 10:22:24 +07:00
PHP serialization
Clean project - Renamed and added PHP juggling type
2016-10-20 10:22:24 +07:00
Remote commands execution
Clean project - Renamed and added PHP juggling type
2016-10-20 10:22:24 +07:00
SQL injection
Clean project - Renamed and added PHP juggling type
2016-10-20 10:22:24 +07:00
SSRF injection
Clean project - Renamed and added PHP juggling type
2016-10-20 10:22:24 +07:00
Tar commands execution
Clean project - Renamed and added PHP juggling type
2016-10-20 10:22:24 +07:00
Traversal directory
Clean project - Renamed and added PHP juggling type
2016-10-20 10:22:24 +07:00
Upload insecure files
Clean project - Renamed and added PHP juggling type
2016-10-20 10:22:24 +07:00
XSS injection
Clean project - Renamed and added PHP juggling type
2016-10-20 10:22:24 +07:00
XXE files
Clean project - Renamed and added PHP juggling type
2016-10-20 10:22:24 +07:00
README.md
CVE Heartbleed and Shellshcok added
2016-10-20 09:54:29 +07:00

README.md

Payloads All The Things

A list of usefull payloads and bypasses for Web Application Security

TODO:

  • PHP Serialization
  • CSV Injection

To improve:

  • RCE
  • SQL injection
  • XXE
  • SSRF
  • Upload
  • Tar command exec
  • Traversal Directory
  • XSS
  • PHP Include

TODO v2:

  • Remove "_" in dir name
  • Add CVE : Hearbleed and ShellShock ?

/!\ Work in Progress : 40%

Reference in New Issue View Git Blame Copy Permalink
Description
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
bountybugbountybypasscheatsheetenumerationhackinghacktoberfestmethodologypayloadpayloadspenetration-testingpentestprivilege-escalationredteamsecurityvulnerabilityweb-application
Readme MIT 31 MiB
Languages
Python 76.2%
ASP.NET 8.7%
XSLT 5.9%
Classic ASP 3.2%
PHP 3.1%
Other 2.8%