wanderer/ PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-05-29 10:56:23 +02:00
Code Issues Releases Activity
1,701 Commits 2 Branches 5 Tags 48 MiB
Commit Graph

64 Commits

Author SHA1 Message Date
Swissky 514ac98dac SSRF + XSS details + XXE BOM 2022-12-13 22:29:20 +01:00
Fabian S. Varon Valencia 3822c27634 update old url's 2022-10-26 20:36:15 -05:00
Deep Dhakate a670a26eea Update 2022-10-02 06:13:01 +00:00
Swissky fb7f10eab8
Merge pull request #485 from ajdumanhug/master 
SSRF: Don't encode entire IP
 2022-09-06 23:15:20 +02:00
Swissky 8d609b1460
Update README.md 2022-09-06 23:15:12 +02:00
Swissky 84fa229a44
Merge pull request #463 from nismo-s13/master 
Delete Parser & Curl < 7.54.png
 2022-09-06 23:13:55 +02:00
Tasos T 023a3c38e3 Added information on 307 and 308 redirects 2022-05-19 12:55:11 +03:00
Swissky b0d05faded TruffleHog examples + Cortex XDR disable 2022-04-14 09:42:15 +02:00
Aj Dumanhug 3c441669d8
Update README.md 2022-03-13 01:30:37 +08:00
nismo-s13 35e64b2275
Delete Parser & Curl < 7.54.png 2021-11-24 17:47:39 +13:00
Swissky 21b3a0630f
Update README.md 2021-11-09 13:57:09 +01:00
Techbrunch a614525b70
Replace xip.io by nip.io 
xip.io appears to be dead
 2021-11-09 11:15:44 +01:00
Philippe Arteau 17e2833f1d Rename file with less than symbol. 2021-10-29 12:26:45 -04:00
Swissky c957271453
SSRF PDF PhantomJS 2021-09-08 12:49:32 +02:00
clem9669 f4053576f4
Update SSRF 
Adding octal techniques for SSRF. 

DEFCON video: https://www.youtube.com/watch?v=_o1RPJAe4kU
 2021-08-06 15:55:55 +00:00
Aj Dumanhug 78e8bcf136
Add AWS SSRF Bypasses 2021-06-16 23:42:50 +08:00
Swissky bd2166027e GMSA Password + Dart Reverse Shell 2021-03-24 12:44:35 +01:00
Swissky 8d31b7240b Office Attacks 2021-02-21 20:17:57 +01:00
PwnL0rd bde7fc738c
added link in the reference section 2020-11-08 12:00:35 +05:30
security-is-myth f3066722ee update SSRF/README.md with java payloads 2020-11-07 22:07:18 +05:30
security-is-myth 08bc3acb05 update SSRF/README.md with java payloads 2020-11-07 22:03:02 +05:30
Robbie e8fccb6dd2
Update README.md 
added 169.254.169.254 decimal
 2020-10-31 20:19:27 +00:00
Alex Lauerman d5c1f39c0f
Added DNS Rebinding 2020-06-21 16:31:16 -05:00
Alex Lauerman c39c904c9a
Moved bypasses under the bypasses section 2020-06-21 16:27:32 -05:00
Alex Lauerman 6d37ad9e2e
Improved Clarity of ssrf redirect 2020-06-21 16:19:15 -05:00
Swissky ecf29c2cbe Active Directory - Mitigations 2020-06-18 11:55:48 +02:00
bsysop 24981f945f
metadata.nicob.net not long resolve to metadata IP 
```
$ dig +short metadata.nicob.net
...
```

Not resolving
 2020-06-14 12:08:25 -03:00
Swissky 71ddb449ce Windows Persistence 2020-06-01 21:37:32 +02:00
Swissky 4ca5e71c2f Bind shell cheatsheet (Fix #194) 2020-05-24 14:09:46 +02:00
John a5d220d599 Added SSRF bypass details 2020-05-13 12:19:36 -04:00
Swissky 89f906f7a8 Fix issue - C reverse shell 2020-04-21 11:17:39 +02:00
Techbrunch 3abf2aff2a
Update AWS SSRF tips 
Added http://instance-data
 2020-03-11 15:20:51 +01:00
Swissky 71171fa78b SSRF exploiting WSGI 2020-01-05 22:11:28 +01:00
mikesiegel e024afc9f7 Added anti-SSRF header bypass for GCP. 2019-12-31 15:11:58 +00:00
mikesiegel 7aa2761e3e Added anti-SSRF header bypass for GCP. Similar technique works on Azure and AWS I'm guessing. 2019-12-31 15:07:20 +00:00
Alexandre ZANNI 54c94e0398
add ref for docker SSRF 2019-11-03 23:50:58 +01:00
Alexandre ZANNI c6b5bbab2b
fix TOC links 2019-10-22 20:26:04 +02:00
Swissky 7159a3ded3 RODC dcsync note + Dumping AD Domain summary 2019-10-18 00:07:09 +02:00
Swissky 8eae039a28 netdoc:// wrapper for Java SSRF 2019-10-17 21:13:04 +02:00
Swissky 05b3e13098 SSRF for ECS 2019-10-12 13:30:52 +02:00
Swissky 357658371f SSRF URL for Google Cloud 2019-10-06 20:59:58 +02:00
Swissky 5455c30ec7 Juicy Potato + XXE update 2019-09-08 19:44:51 +02:00
Swissky b6697d8595 SSRF SVG + Windows Token getsystem 2019-08-15 18:21:06 +02:00
Swissky 05054af343 JWT RS256 to HS256 using pubkey to generate a signature 2019-07-10 20:58:50 +02:00
Swissky 144b3827ab MS14-068 + /etc/security/opasswd 2019-06-29 17:55:13 +02:00
Swissky 9be62677b6 Add root user + PHP null byte version 2019-06-24 00:21:39 +02:00
Swissky 9c2e63818f XSS without parenthesis, semi-colon + Lontara 2019-05-15 21:55:17 +02:00
Swissky bab04f8587 Masscan + AD password in description + ZSH revshell bugfix + Mimikatz lsass.dmp 2019-05-12 21:34:09 +02:00
Swissky 5bb27ee889 SSRF Google Cloud - add ssh key 2019-04-22 11:35:07 +02:00
Swissky 4d3ee90eec Command injection rewritten 2019-04-21 19:50:50 +02:00