wanderer/ PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-05-28 14:06:08 +02:00
Code Issues Releases Activity
1,701 Commits 2 Branches 5 Tags 48 MiB
Commit Graph

102 Commits

Author SHA1 Message Date
somebodyoncetoldme aa8950a273
Update PostgreSQL Injection.md 
Switch "column_name" to "table_name".
 2023-01-03 21:02:57 -08:00
Swissky 6dd5c18b45 Normalize Titles 2022-10-12 12:13:55 +02:00
Swissky 3f3736471e
Merge branch 'master' into patch-4 2022-10-11 11:26:28 +02:00
Deep Dhakate a670a26eea Update 2022-10-02 06:13:01 +00:00
Swissky c7dd67986c Oracle SQL 2022-09-13 22:04:21 +02:00
Dhmos Funk aa89a909d1
Update PostgreSQL Injection.md 2022-09-10 15:56:31 +03:00
Swissky 7663594118
Update SQLite Injection.md 2022-09-07 14:02:38 +02:00
nerrorsec 418285b7f6
Boolean - Extract info (order by) 2022-08-13 10:07:54 +05:45
mr.The f82efffbc7
Boolean error based* instead of just error based 2022-08-12 18:36:43 +03:00
mr.The 0d9a2354e5
Add error-based vector for the sqlite 2022-08-12 18:33:44 +03:00
its0x08 fc1f3b25a7 fix: Fix spelling 2022-08-09 11:02:21 +02:00
Jeyanthan 7ad7ae722d
Update OracleSQL Injection.md 
missing 'T' in the SELECT in the  Oracle blind SQLI section
 2022-07-20 13:34:27 +02:00
Swissky 28425b37a3 LFI to RCE via upload (FindFirstFile) 2022-06-19 22:48:46 +02:00
PinkDraconian 5cc8e698c9
Single quotes are messing with the command. 2022-05-15 13:53:50 +02:00
Alexandre ZANNI c274874430
MSSQL: list permissions 2022-04-18 17:21:26 +02:00
Alexandre ZANNI 1f73834d5e
HQLi in Java apps - HITBSecConf2016 2022-04-14 18:07:35 +02:00
Swissky 4abd52697f MSSQL Agent Command Execution 2022-03-10 11:05:17 +01:00
Swissky 71dcfd5ca7 ADCS ESC7 Shell + Big Query SQL 2022-02-18 14:50:38 +01:00
Swissky 0b5c5acb87 ESC7 - Vulnerable Certificate Authority Access Control 2022-01-30 23:41:31 +01:00
astroicers 119ae90db6
Update MySQL Injection.md 
fix line 426
 2022-01-04 14:28:17 +08:00
Alex G a568270b15
Add NAME_CONST for MySQL Error based injection 2021-12-16 12:11:25 +01:00
malet 4ab2649317
Fixing "RCE - Attach Database" Payload 
The old payload doesn't work for many cases as the `php` in `<?php` is missing.
 2021-12-14 19:54:41 +01:00
Brian Stadnicki 03427da534 SQLite Injection add extract database structure 2021-12-07 06:51:27 +00:00
Philippe Arteau 4169e5d603
informa4on_schema => information_schema 
(Copy-paste error)
 2021-10-31 23:33:58 -04:00
Philippe Arteau 6c5e790234
SQLi: Whitespace alternatives + WAF Bypass 2021-10-31 23:25:08 -04:00
jaxBCD 11dc7bc2c2
Update Oracle Sql injection.md add sql error 
Add some error point oracle sql injection
 2021-10-04 22:52:48 +07:00
Alvin Smith 335a5c42fb
Update MySQL Injection.md 2021-09-25 22:53:25 +12:00
sudoutopia f18cb9b569
GROUP_CONCAT equivelent for MSSQL 2021-08-11 17:07:55 +02:00
Swissky 87be30d3b2 DB2 Injection + ADCS 2021-08-10 23:00:19 +02:00
Swissky 0443babe35 Relay + MSSQL Read File 2021-03-25 18:25:02 +01:00
Swissky f6b9d63bf8 DCOM exploitation and MSSQL CLR 2021-03-24 22:26:23 +01:00
Karim Kanso 826130946c
Add a one line postgres file write 2021-01-30 14:17:35 +00:00
Swissky 4e17d6c2b3
Update PostgreSQL Injection.md 2021-01-24 18:43:58 +01:00
Swissky cd6f5493b3
Update PostgreSQL Injection.md 2021-01-24 18:43:28 +01:00
Ayoma Wijethunga 4b8dab523e
Add PostgreSQL Check if Current User is Supperuser 2021-01-24 23:09:52 +05:30
marcan2020 3cf44386da
Remove unnecessary condition to extract columns 
Since we retrieve only the rows with a specific table name `name ='table_name', the table name won't start with `sqlite_` .
Thus, we can remove the unnecessary condition.
 2020-11-17 19:59:11 -05:00
Swissky f9e2512080
Merge pull request #287 from beomsu317/master 
Update SQL-Injection
 2020-11-03 10:38:02 +01:00
Swissky 1137bfca8d Remote Desktop Services Shadowing 2020-10-30 21:10:00 +01:00
Siddharth Reddy 2bdd23dc51
Update MySQL Injection.md 2020-10-29 17:03:22 +05:30
Vincent Gilles 0b90094002 Fix(Docs): Correcting typos on the repo 2020-10-17 22:52:35 +02:00
Siddharth Reddy fdc44ce84e
Update Cassandra Injection.md 
Broken link [Injection In Apache Cassandra – Part I - Rodolfo - EternalNoobs](https://eternalnoobs.com/injection-in-apache-cassandra-part-i/)
 2020-10-09 18:10:12 +05:30
Swissky a8319b94ff
Merge pull request #259 from SiddTim/patch-1 
Update Cassandra Injection.md
 2020-10-09 10:31:58 +02:00
Siddharth Reddy f284045ba6
Update MSSQL Injection.md 
Broken link [Sqlinjectionwiki - MSSQL](http://www.sqlinjectionwiki.com/categories/1/mssql-sql-injection-cheat-sheet/) .
 2020-10-09 12:53:21 +05:30
Siddharth Reddy f66c53ee25
Update Cassandra Injection.md 
Broken link [https://hack2learn.pw/cassandra/login.php]
 2020-10-09 12:45:28 +05:30
Swissky a478356f43 MySQL Fast Exploitation using json_arrayagg() 2020-09-23 17:19:34 +02:00
Swissky dd40ddd233 XSS summary subentries + GraphTCP 2020-07-12 14:44:33 +02:00
hloverflow 2e7b9db94b Corrected Reference to 2009 paper 2020-07-12 13:21:18 +08:00
HLOverflow 37f66cc523
add to table of content 2020-07-12 13:17:43 +08:00
hloverflow baadc6d3e9 contribute PostgreSQL bypass quotes technique 2020-07-12 13:14:26 +08:00
Swissky d3f1bfa1ae
Merge pull request #209 from c14dd49h/patch-1 
Update README.md
 2020-07-11 10:50:04 +02:00