wanderer/ PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-05-18 20:46:11 +02:00
Code Issues Releases Activity
1,438 Commits 2 Branches 5 Tags 48 MiB
Commit Graph

58 Commits

Author SHA1 Message Date
its0x08 fc1f3b25a7 fix: Fix spelling 2022-08-09 11:02:21 +02:00
s. vewa 33d632df4e
Twig in Wordpress 
Was very unsuccessful with the given Twig examples, quotes were escaped so got invalid, file_excerpt threw an error, too. Include and also injecting the file name helped. Don't know if this is a wordpress thing...
 2022-07-24 12:30:09 +02:00
0x-nope 59cae2ddb4
Update README.md 2022-04-20 09:42:58 +02:00
0x-nope 3db4d04467
added Groovy EL section 2022-03-04 17:39:28 +01:00
ahronmoshe a26867fdf9
Update README.md 2021-10-26 20:35:04 +03:00
Podalirius 25eae11675
Update README.md 2021-09-26 21:57:50 +02:00
Podalirius 6d48f28d99
Update README.md 2021-09-26 21:55:23 +02:00
Podalirius 58d88e5293
Update README.md 2021-09-26 21:48:51 +02:00
Podalirius 030e536586
Update README.md 2021-09-26 21:37:05 +02:00
Podalirius f44fae68b5
Update README.md 2021-09-26 21:30:35 +02:00
Podalirius 5d846e9b8d
Update README.md 2021-09-26 21:28:29 +02:00
Podalirius b5699ecf08
Update README.md 2021-09-18 20:03:12 +02:00
Podalirius 4c29079010
Update README.md 2021-08-26 20:50:19 +02:00
Swissky 7c06c9025e
Update README.md 2021-08-25 22:17:34 +02:00
Jeffrey Cap 9bde75b32d Expression Language Injection One-Liners; XSS Payload; Fixed Linux Python IPv6 Reverse Shell Payload 2021-08-23 14:41:40 -05:00
Podalirius 3bed3bccc8
Added context-free jinja2 payloads 
Fixed a few typos and broken links
 2021-07-27 19:20:36 +02:00
Jeremy Buis 6841fc21d2
Update README.md 
Fixes a typo
 2021-07-16 11:24:16 -04:00
Jeremy Buis a0c08e4e87
Update README.md 
Added Lessjs example PoC
 2021-07-06 10:36:43 -04:00
Swissky e3e3ca6ba2
Merge pull request #366 from mpgn/master 
Update Smarty Template Injection
 2021-05-20 18:08:20 +02:00
mpgn 367296c1f1
Update Smarty Template Injection 2021-05-20 16:42:51 +02:00
Swissky 8d31b7240b Office Attacks 2021-02-21 20:17:57 +01:00
Swissky 6bcd2e8a6a
Update README.md 2021-01-31 21:51:53 +01:00
ムハンマド 89429f9c4f
SSTI Payload in Jinja2 - Arbitrary file read 2021-01-18 11:48:38 +03:00
akoul02 ed944a95af
Improved Jade payload 2020-10-31 18:02:29 +03:00
Vincent Gilles 0b90094002 Fix(Docs): Correcting typos on the repo 2020-10-17 22:52:35 +02:00
Swissky b641131f27 SSTI - Pebble update 2020-10-17 12:25:50 +02:00
Swissky 75a0f34bdc
Merge pull request #236 from Techbrunch/patch-9 
Update README.md
 2020-08-19 16:30:32 +02:00
Techbrunch 502a8121b4
Update README.md 
Add reference to debug tag for Jinja2
 2020-08-19 14:46:43 +02:00
Techbrunch 76e6f7dc95
Update README.md 
Add Handlebars payload
 2020-08-19 14:20:18 +02:00
Swissky 2c935df34d EL Injection - SSTI 2020-07-10 15:05:13 +02:00
meizjm3i a987b8be9f corrected a single quotation mark closure error 2020-05-29 18:35:22 +08:00
meizjm3i 7670e2c36c Update ERB SSTI tips 2020-05-29 12:28:55 +08:00
idealphase 712e3b93f6
Sorting like basic injection part 2020-04-30 17:15:31 +07:00
idealphase 7f1fb32980
Adding Execute code using SSTI for ERB engine. 2020-04-30 17:13:58 +07:00
Swissky 1d8414c703 ASP.NET Razor SSTI 2020-04-18 21:18:22 +02:00
Swissky a19fd013fb
Merge pull request #181 from SecGus/master 
Added RCE SSTI Jinja2 Bypass payload developed by SecGus (chivato)
 2020-04-13 19:42:14 +02:00
chiv 7e7f5e7628 Added SSTI RCE bypass payload for Jinja2 2020-04-13 18:48:43 +01:00
chiv cc3b05017d Added a new RCE payload to Jinja2 SSTI bypasses 2020-04-13 18:44:16 +01:00
SakiiR SakiiR 38c273ff00 Added IFS (WAF bypass) to Symfony Twig RCE 2020-03-29 23:23:26 +02:00
SakiiR SakiiR 8b78c2fe71 Added filter(system) twig RCE 2020-03-29 23:19:27 +02:00
Swissky 268d85b4bf Symfony SSTI Twig RCE 2020-03-29 22:34:26 +02:00
chiv fe4bdb0df4 Improvement to the SSTI RCE 2020-03-09 18:19:33 +00:00
Swissky bcb24c9866 Abusing Active Directory ACLs/ACEs 2019-12-30 14:22:10 +01:00
Swissky 6f4a28ef66 Slim RCE + CAP list 2019-12-05 23:06:53 +01:00
Alexandre ZANNI 6a398ca5c3
Ruby: add slim 2019-11-16 17:29:55 +01:00
Swissky ed252df92e krb5.keytab + credential use summary 2019-10-20 13:25:06 +02:00
Swissky a0917241ad Pebble - Server Side Template Injection 2019-09-17 15:43:13 +02:00
Swissky 45af613fd9 Active Directory - Unconstrained delegation 2019-07-17 23:17:35 +02:00
Swissky 382bd9acec Type Juggling - Another SHA 256 2019-07-14 14:23:20 +02:00
Swissky 504caa3b50 SSTI by calling Popen without guessing the offset 2019-07-10 21:31:44 +02:00