killchain-compendium/misc/PayloadsAllTheThings
Stefan Etringer 4427517c17 bump 2022-05-31 21:08:28 +02:00
.github bump 2022-05-31 21:08:28 +02:00
API Key Leaks bump 2022-05-31 21:08:28 +02:00
AWS Amazon Bucket S3 bump 2022-05-31 21:08:28 +02:00
Account Takeover bump 2022-05-31 21:08:28 +02:00
CORS Misconfiguration bump 2022-05-31 21:08:28 +02:00
CRLF Injection bump 2022-05-31 21:08:28 +02:00
CSRF Injection bump 2022-05-31 21:08:28 +02:00
CSV Injection bump 2022-05-31 21:08:28 +02:00
CVE Exploits bump 2022-05-31 21:08:28 +02:00
Command Injection bump 2022-05-31 21:08:28 +02:00
DNS Rebinding bump 2022-05-31 21:08:28 +02:00
Dependency Confusion bump 2022-05-31 21:08:28 +02:00
Directory Traversal bump 2022-05-31 21:08:28 +02:00
File Inclusion bump 2022-05-31 21:08:28 +02:00
GraphQL Injection bump 2022-05-31 21:08:28 +02:00
HTTP Parameter Pollution bump 2022-05-31 21:08:28 +02:00
Insecure Deserialization bump 2022-05-31 21:08:28 +02:00
Insecure Direct Object References bump 2022-05-31 21:08:28 +02:00
Insecure Management Interface bump 2022-05-31 21:08:28 +02:00
Insecure Source Code Management bump 2022-05-31 21:08:28 +02:00
JSON Web Token bump 2022-05-31 21:08:28 +02:00
Kubernetes bump 2022-05-31 21:08:28 +02:00
LDAP Injection bump 2022-05-31 21:08:28 +02:00
LaTeX Injection bump 2022-05-31 21:08:28 +02:00
Methodology and Resources bump 2022-05-31 21:08:28 +02:00
NoSQL Injection bump 2022-05-31 21:08:28 +02:00
OAuth bump 2022-05-31 21:08:28 +02:00
Open Redirect bump 2022-05-31 21:08:28 +02:00
Race Condition bump 2022-05-31 21:08:28 +02:00
Request Smuggling bump 2022-05-31 21:08:28 +02:00
SAML Injection bump 2022-05-31 21:08:28 +02:00
SQL Injection bump 2022-05-31 21:08:28 +02:00
Server Side Request Forgery bump 2022-05-31 21:08:28 +02:00
Server Side Template Injection bump 2022-05-31 21:08:28 +02:00
Tabnabbing bump 2022-05-31 21:08:28 +02:00
Type Juggling bump 2022-05-31 21:08:28 +02:00
Upload Insecure Files bump 2022-05-31 21:08:28 +02:00
Web Cache Deception bump 2022-05-31 21:08:28 +02:00
Web Sockets bump 2022-05-31 21:08:28 +02:00
XPATH Injection bump 2022-05-31 21:08:28 +02:00
XSLT Injection bump 2022-05-31 21:08:28 +02:00
XSS Injection bump 2022-05-31 21:08:28 +02:00
XXE Injection bump 2022-05-31 21:08:28 +02:00
_template_vuln bump 2022-05-31 21:08:28 +02:00
.gitignore bump 2022-05-31 21:08:28 +02:00
BOOKS.md bump 2022-05-31 21:08:28 +02:00
CONTRIBUTING.md bump 2022-05-31 21:08:28 +02:00
LICENSE bump 2022-05-31 21:08:28 +02:00
README.md bump 2022-05-31 21:08:28 +02:00
TWITTER.md bump 2022-05-31 21:08:28 +02:00
YOUTUBE.md bump 2022-05-31 21:08:28 +02:00

README.md

Payloads All The Things

A list of useful payloads and bypasses for Web Application Security. Feel free to improve it with your payloads and techniques! I ❤️ pull requests :)

You can also contribute with a 🍻 IRL, or using the sponsor button.

You can use the _template_vuln folder to create a new chapter. Every section contains the following files:

  • README.md - vulnerability description and how to exploit it, including several payloads
  • Intruder - a set of files to give to Burp Intruder
  • Images - pictures for the README.md
  • Files - some files referenced in the README.md

You might also like the Methodology and Resources folder:

Want more? Check the Books and YouTube videos selections.