wanderer/ PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-05-23 09:06:08 +02:00
Code Issues Releases Activity
1,059 Commits 2 Branches 5 Tags 48 MiB
Commit Graph

43 Commits

Author SHA1 Message Date
Swissky 08b59f2856 AD update CME+DCOM 2021-04-21 22:27:07 +02:00
linoskoczek 825295e465
Update README.md 
Fix broken links in Summary
 2021-03-18 19:16:59 +00:00
lapolis_aka_blu 6f758ba6c0
Added closing bracket in unicode full width bypass 
Yeah I know it is logic to use it if you really need the closing tag. But having both brackets in your repo makes it quicker to copy paste :D
 2021-01-15 16:38:51 +00:00
Swissky f7e8f515a5 Application Escape and Breakout 2020-12-17 08:56:58 +01:00
Max Boll 2a65064d15 little update 2020-10-27 14:10:35 +01:00
Max Boll 350c55a1ac XSS Tools added 2020-10-27 13:31:37 +01:00
Vincent Gilles 0b90094002 Fix(Docs): Correcting typos on the repo 2020-10-17 22:52:35 +02:00
Max Rodrigo 2f40961990 Fix PHP XSS data collector line breaks 2020-09-05 10:36:58 +02:00
Viren Pawar 0266a7dd67
[Update] Added 1 payload 
Added one payload which executes without any usage of single or double quotes. Helpful when you have AngularJS injection but quotes are blocked by application.
Working proof of payload here: 

https://portswigger-labs.net/xss/angularjs.php?type=reflected&csp=0&version=1.6.0&x={{x=valueOf.name.constructor.fromCharCode;constructor.constructor(x(97,108,101,114,116,40,49,41))()}}
 2020-08-15 16:29:13 +05:30
Swissky c7e3ea005e Powershell Remoting 2020-08-09 12:15:56 +02:00
Swissky dd40ddd233 XSS summary subentries + GraphTCP 2020-07-12 14:44:33 +02:00
looCiprian 93a372cea4 Add jsfuck bypassing method to xss cheat sheet 2020-06-23 18:34:02 +02:00
reza.duty 010b550dec
Update README.md 2020-06-17 11:42:26 +04:30
reza.duty 03a0bda20d
Update README.md 2020-06-09 20:05:32 +04:30
Swissky 7f1c150edd Mimikatz Summary 2020-05-10 16:17:10 +02:00
Thomas Orlita d0bb0f6f5b
Update CSP Evaluator blog link 2020-05-10 10:32:51 +02:00
reza.duty eb28e4c28d
add Self Closing Script 2020-05-06 22:57:55 +04:30
Swissky 5163ef902c XSS Google Scholar Payload + Skeleton Key Persistence 2020-05-03 16:28:17 +02:00
Swissky e9b296adb3 DoyenSec Payloads XSS Google Scholar 2020-05-02 14:31:33 +02:00
bohdansec c4af354d8f
Update Cloudflare XSS bypasses 
Add 3 bypasses by Bohdan Korzhynskyi. Update twitter
 2020-04-22 00:51:36 +03:00
Çlirim Emini d3ce3924a9
Create 0xcela_event_handlers.txt 2020-01-15 17:00:26 +01:00
Kyle Martin e95b0c34a3 clarify AngularJS vs Angular 2019-12-07 10:54:47 +13:00
clem9669 286f7caaa3
Bypass XSS filters on alert 
Bypass XSS filters using javascript global variables based on the following article https://www.secjuice.com/bypass-xss-filters-using-javascript-global-variables/ from theMiddle.
 2019-12-03 15:24:24 +01:00
Minh Triet Pham Tran f44d014fc2
Copy this -> Cut this 
Change copy to cut instruction
 2019-12-02 12:59:54 +07:00
Swissky f6d5221a85 SID history break trust + Powershell history + SCF files 2019-11-07 23:21:00 +01:00
Swissky 6fecedd880 MXSS - Mutated XSS - Google POC 2019-11-06 18:32:29 +01:00
nizam0906 ab341cff38
Updated Blind XSS endpoint 
* User Agent
* Comment Box
 2019-10-28 16:51:36 +05:30
nizam0906 aef5bb864a
Update jsonp_endpoint.txt 
Added 3 yahoo jsonp endpoints
* https://ads.yap.yahoo.com/nosdk/wj/v1/getAds.do?cb=alert(1337)
* https://mempf.yahoo.co.jp/offer?position=h&callback=alert(1337)
* https://suggest-shop.yahooapis.jp/Shopping/Suggest/V1/suggester?callback=alert(1)//&appid=dj0zaiZpPVkwMDJ1RHlqOEdwdCZzPWNvbnN1bWVyc2VjcmV0Jng9M2Y-
 2019-10-25 22:27:16 +05:30
marcan2020 920da73bd7
Add Angular automatic sanitization 2019-10-02 21:24:53 -04:00
Swissky 3221197b1e RCE vBulletin + findomain 2019-09-26 20:41:01 +02:00
Jonathan Leitschuh 7b6c8d46aa
Add dot filter bypass with decimal IP 2019-08-28 13:56:55 -04:00
Swissky 4a176615fe CORS Misconfiguration 2019-08-18 12:08:51 +02:00
Swissky bd449e9cea XSS PostMessage 2019-08-03 23:22:14 +02:00
Swissky 9b96c7692f XSS onpointer* 2019-08-01 14:39:15 +02:00
Lewis dab064a583
adding reference to blog 2019-07-12 12:49:02 -07:00
h1-ragnar edcac293a8
Cloudflare XSS Bypasses by Bohdan Korzhynskyi 2019-06-05 21:36:41 +03:00
Swissky 9c2e63818f XSS without parenthesis, semi-colon + Lontara 2019-05-15 21:55:17 +02:00
Swissky bab04f8587 Masscan + AD password in description + ZSH revshell bugfix + Mimikatz lsass.dmp 2019-05-12 21:34:09 +02:00
Swissky 765c615efe XSS injection Summary + MSF web delivery 2019-05-12 14:22:48 +02:00
BillyNoGoat e0dbfc1578
Fixed link for google CSP bypass 2019-04-16 11:37:59 +01:00
Swissky bbc9029dd6 XSS in several filetype based on @__Mn1__ blogpost 2019-03-26 21:49:03 +01:00
Rakesh Mane 4b38516e3b
Update README.md 
Added Cloudflare XSS bypass
 2019-03-22 13:53:25 +05:30
Swissky 404afd1d71 Fix name's capitalization 2019-03-07 00:07:55 +01:00