mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-09-28 07:09:41 +02:00
A list of useful payloads and bypass for Web Application Security and Pentest/CTF https://github.com/swisskyrepo/PayloadsAllTheThings
2021-05-20 16:42:51 +02:00
_template_vuln
.github
Account Takeover
API Key Leaks
AWS Amazon Bucket S3
Command Injection
CORS Misconfiguration
CRLF Injection
CSRF Injection
CSV Injection
CVE Exploits
Directory Traversal
File Inclusion
GraphQL Injection
HTTP Parameter Pollution
Insecure Deserialization
Insecure Direct Object References
Insecure Management Interface
Insecure Source Code Management
JSON Web Token
Kubernetes
LaTeX Injection
LDAP Injection
Methodology and Resources
NoSQL Injection
OAuth
Open Redirect
Race Condition
Request Smuggling
SAML Injection
Server Side Request Forgery
Server Side Template Injection Update Smarty Template Injection 2021-05-20 16:42:51 +02:00
SQL Injection
Tabnabbing
Type Juggling
Upload Insecure Files
Web Cache Deception
Web Sockets
XPATH Injection
XSLT Injection
XSS Injection
XXE Injection
.gitignore
BOOKS.md
CONTRIBUTING.md
LICENSE
README.md
TWITTER.md
YOUTUBE.md

Payloads All The Things

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques! I ❤️ pull requests :)

You can also contribute with a 🍻 IRL, or using the sponsor button.

You can use the _template_vuln folder to create a new chapter. Every section contains the following files:

  • README.md - vulnerability description and how to exploit it, including several payloads
  • Intruder - a set of files to give to Burp Intruder
  • Images - pictures for the README.md
  • Files - some files referenced in the README.md

You might also like the Methodology and Resources folder:

You want more? Check the Books and YouTube video selections.