wanderer/ PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-06-08 00:06:29 +02:00
Code Issues Releases Activity
1,422 Commits 2 Branches 5 Tags 53 MiB
Commit Graph

69 Commits

Author SHA1 Message Date
idealphase 6738f878f3
Updated README.md 
Added References: Bypassing Signature-Based XSS Filters: Modifying Script Code
 2022-04-19 10:45:32 +07:00
idealphase de532030df
Merge branch 'swisskyrepo:master' into master 2022-04-19 10:43:04 +07:00
Swissky 85a50869f2
Merge pull request #482 from khiemtq-cyber/xss/angular-xss-1 
[update] Angular XSS payload
 2022-04-18 21:01:44 +02:00
Ooggle 39d1c6e7d8
Add document blacklist bypass 2022-04-09 12:55:21 +02:00
ktq-cyber 5d898e004f [update] Angular XSS payload 2022-02-23 22:26:16 +07:00
idealphase e9eac5ca59
Update README.md 2021-11-10 22:40:40 +07:00
idealphase 6c7df7dc4e
Update README.md 
Add Bypass dot filter
 2021-11-10 22:38:02 +07:00
Philippe Arteau 9d30f792d4
Remove filename with special characters. 
The filename are already covered in `XSS Injection/README.md`
 2021-10-29 12:56:55 -04:00
Philippe Arteau 16986febde
Remove filename with special characters. 
The filename are already covered in `XSS Injection/README.md`
 2021-10-29 12:56:41 -04:00
Philippe Arteau 7443da045a
Remove filename with special characters. 
The filename are already covered in `XSS Injection/README.md`
 2021-10-29 12:56:25 -04:00
Markus 7996b4f905
Update XSS README.md 
Remove unnecessary complexity from CSP bypass payload
 2021-10-01 16:10:23 +02:00
Lorenzo Grazian 7369ee28b3
Added XSS <object> payload 2021-09-02 15:14:29 +02:00
Swissky 1e85308ae2
Merge pull request #395 from daffainfo/patch-1 
Adding Cloudflare XSS payload
 2021-08-25 22:21:54 +02:00
Swissky f89597725a
Merge pull request #416 from Bort-Millipede/master 
Expression Language Injection One-Liners; XSS Payload; Fixed Linux Py…
 2021-08-25 22:17:53 +02:00
Alexandre ZANNI 4791962be5
document.domain, window.origin and console.log usage 2021-08-24 20:29:02 +02:00
Jeffrey Cap 9bde75b32d Expression Language Injection One-Liners; XSS Payload; Fixed Linux Python IPv6 Reverse Shell Payload 2021-08-23 14:41:40 -05:00
Swissky 87be30d3b2 DB2 Injection + ADCS 2021-08-10 23:00:19 +02:00
Xib3rR4dAr ae98d629f0
Update README.md 
Removed duplicates.
 2021-08-04 09:29:24 +05:00
Swissky 1fd9260d1e
Update README.md 2021-07-31 11:28:23 +02:00
c14dd49h ee12f8e480
Update README.md 2021-07-22 16:55:03 +02:00
c14dd49h eddc716d8c
Update README.md 2021-07-22 14:47:36 +02:00
Muhammad Daffa 2b6c3cb360
Adding Cloudflare XSS payload 2021-07-15 12:48:02 +07:00
PinkDev1 21c1690adf
Fixed typo on "Tips" section 2021-06-16 19:24:17 +00:00
Swissky 62b897c936
Merge pull request #376 from noraj/patch-2 
XSS: add quick tips for bXSS
 2021-06-16 13:56:29 +02:00
Alexandre ZANNI c469236204
XSS: add quick tips for bXSS 2021-06-16 13:25:46 +02:00
Alexandre ZANNI 8547ac7dfc
XSS: remove bluelotus 
the project is empty
 2021-06-16 13:18:08 +02:00
Swissky 08b59f2856 AD update CME+DCOM 2021-04-21 22:27:07 +02:00
linoskoczek 825295e465
Update README.md 
Fix broken links in Summary
 2021-03-18 19:16:59 +00:00
lapolis_aka_blu 6f758ba6c0
Added closing bracket in unicode full width bypass 
Yeah I know it is logic to use it if you really need the closing tag. But having both brackets in your repo makes it quicker to copy paste :D
 2021-01-15 16:38:51 +00:00
Swissky f7e8f515a5 Application Escape and Breakout 2020-12-17 08:56:58 +01:00
Max Boll 2a65064d15 little update 2020-10-27 14:10:35 +01:00
Max Boll 350c55a1ac XSS Tools added 2020-10-27 13:31:37 +01:00
Vincent Gilles 0b90094002 Fix(Docs): Correcting typos on the repo 2020-10-17 22:52:35 +02:00
Max Rodrigo 2f40961990 Fix PHP XSS data collector line breaks 2020-09-05 10:36:58 +02:00
Viren Pawar 0266a7dd67
[Update] Added 1 payload 
Added one payload which executes without any usage of single or double quotes. Helpful when you have AngularJS injection but quotes are blocked by application.
Working proof of payload here: 

https://portswigger-labs.net/xss/angularjs.php?type=reflected&csp=0&version=1.6.0&x={{x=valueOf.name.constructor.fromCharCode;constructor.constructor(x(97,108,101,114,116,40,49,41))()}}
 2020-08-15 16:29:13 +05:30
Swissky c7e3ea005e Powershell Remoting 2020-08-09 12:15:56 +02:00
Swissky dd40ddd233 XSS summary subentries + GraphTCP 2020-07-12 14:44:33 +02:00
looCiprian 93a372cea4 Add jsfuck bypassing method to xss cheat sheet 2020-06-23 18:34:02 +02:00
reza.duty 010b550dec
Update README.md 2020-06-17 11:42:26 +04:30
reza.duty 03a0bda20d
Update README.md 2020-06-09 20:05:32 +04:30
Swissky 7f1c150edd Mimikatz Summary 2020-05-10 16:17:10 +02:00
Thomas Orlita d0bb0f6f5b
Update CSP Evaluator blog link 2020-05-10 10:32:51 +02:00
reza.duty eb28e4c28d
add Self Closing Script 2020-05-06 22:57:55 +04:30
Swissky 5163ef902c XSS Google Scholar Payload + Skeleton Key Persistence 2020-05-03 16:28:17 +02:00
Swissky e9b296adb3 DoyenSec Payloads XSS Google Scholar 2020-05-02 14:31:33 +02:00
bohdansec c4af354d8f
Update Cloudflare XSS bypasses 
Add 3 bypasses by Bohdan Korzhynskyi. Update twitter
 2020-04-22 00:51:36 +03:00
Çlirim Emini d3ce3924a9
Create 0xcela_event_handlers.txt 2020-01-15 17:00:26 +01:00
Kyle Martin e95b0c34a3 clarify AngularJS vs Angular 2019-12-07 10:54:47 +13:00
clem9669 286f7caaa3
Bypass XSS filters on alert 
Bypass XSS filters using javascript global variables based on the following article https://www.secjuice.com/bypass-xss-filters-using-javascript-global-variables/ from theMiddle.
 2019-12-03 15:24:24 +01:00
Minh Triet Pham Tran f44d014fc2
Copy this -> Cut this 
Change copy to cut instruction
 2019-12-02 12:59:54 +07:00