Skip to content
/ PayloadsAllTheThings Public
forked from swisskyrepo/PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

0 stars 14.9k forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

romydj/PayloadsAllTheThings

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
AWS Amazon Bucket S3
AWS Amazon Bucket S3
 
 
CRLF injection
CRLF injection
 
 
CSV injection
CSV injection
 
 
CVE Shellshock Heartbleed
CVE Shellshock Heartbleed
 
 
NoSQL injection
NoSQL injection
 
 
OAuth
OAuth
 
 
Open redirect
Open redirect
 
 
PHP include
PHP include
 
 
PHP juggling type
PHP juggling type
 
 
PHP serialization
PHP serialization
 
 
Remote commands execution
Remote commands execution
 
 
SQL injection
SQL injection
 
 
SSRF injection
SSRF injection
 
 
Tar commands execution
Tar commands execution
 
 
Traversal directory
Traversal directory
 
 
Upload insecure files
Upload insecure files
 
 
XSS injection
XSS injection
 
 
XXE injections
XXE injections
 
 
.gitignore
.gitignore
 
 
Methodology_and_enumeration.md
Methodology_and_enumeration.md
 
 
README.md
README.md
 
 

Repository files navigation

Payloads All The Things

A list of usefull payloads and bypasses for Web Application Security Feel free to improve with your payloads and techniques ! I <3 pull requests :)

Last modifications :

  • XSS paylods improved
  • Methodology added
  • AWS Bucket added

Extract nice bypass from https://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/

Tools

More resources

Book's list:

Blogs/Websites

About

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 85.3%
  • PHP 12.9%
  • HTML 1.4%
  • Shell 0.4%