Skip to content
/ PayloadsAllTheThings Public
forked from swisskyrepo/PayloadsAllTheThings

Une liste de payload et de contournements utiles pour tout ce qui est Web Application Security, Pentest et CTF

License

MIT license
1 star 14.7k forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

0xYazuko/PayloadsAllTheThings

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,447 Commits
.github
.github
 
 
API Key Leaks
API Key Leaks
 
 
AWS Amazon Bucket S3
AWS Amazon Bucket S3
 
 
Account Takeover
Account Takeover
 
 
CORS Misconfiguration
CORS Misconfiguration
 
 
CRLF Injection
CRLF Injection
 
 
CSRF Injection
CSRF Injection
 
 
CSV Injection
CSV Injection
 
 
CVE Exploits
CVE Exploits
 
 
Command Injection
Command Injection
 
 
DNS Rebinding
DNS Rebinding
 
 
Dependency Confusion
Dependency Confusion
 
 
Directory Traversal
Directory Traversal
 
 
File Inclusion
File Inclusion
 
 
GraphQL Injection
GraphQL Injection
 
 
HTTP Parameter Pollution
HTTP Parameter Pollution
 
 
Insecure Deserialization
Insecure Deserialization
 
 
Insecure Direct Object References
Insecure Direct Object References
 
 
Insecure Management Interface
Insecure Management Interface
 
 
Insecure Source Code Management
Insecure Source Code Management
 
 
JSON Web Token
JSON Web Token
 
 
Java RMI
Java RMI
 
 
Kubernetes
Kubernetes
 
 
LDAP Injection
LDAP Injection
 
 
LaTeX Injection
LaTeX Injection
 
 
Methodology and Resources
Methodology and Resources
 
 
NoSQL Injection
NoSQL Injection
 
 
OAuth
OAuth
 
 
Open Redirect
Open Redirect
 
 
Race Condition
Race Condition
 
 
Request Smuggling
Request Smuggling
 
 
SAML Injection
SAML Injection
 
 
SQL Injection
SQL Injection
 
 
Server Side Request Forgery
Server Side Request Forgery
 
 
Server Side Template Injection
Server Side Template Injection
 
 
Tabnabbing
Tabnabbing
 
 
Type Juggling
Type Juggling
 
 
Upload Insecure Files
Upload Insecure Files
 
 
Web Cache Deception
Web Cache Deception
 
 
Web Sockets
Web Sockets
 
 
XPATH Injection
XPATH Injection
 
 
XSLT Injection
XSLT Injection
 
 
XSS Injection
XSS Injection
 
 
XXE Injection
XXE Injection
 
 
_template_vuln
_template_vuln
 
 
.gitignore
.gitignore
 
 
BOOKS.md
BOOKS.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
TWITTER.md
TWITTER.md
 
 
YOUTUBE.md
YOUTUBE.md
 
 

Repository files navigation

Payloads All The Things Tweet

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques ! I ❤️ pull requests :)

You can also contribute with a 🍻 IRL, or using the sponsor button.

📖 Documentation

Every section contains the following files, you can use the _template_vuln folder to create a new chapter:

  • README.md - vulnerability description and how to exploit it, including several payloads
  • Intruder - a set of files to give to Burp Intruder
  • Images - pictures for the README.md
  • Files - some files referenced in the README.md

You might also like the Methodology and Resources folder :

You want more ? Check the Books and Youtube videos selections.

👨‍💻 Contributions

Be sure to read CONTRIBUTING.md

Thanks again for your contribution! ❤️

About

Une liste de payload et de contournements utiles pour tout ce qui est Web Application Security, Pentest et CTF

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 86.2%
  • Ruby 6.5%
  • ASP.NET 3.9%
  • Classic ASP 1.4%
  • PHP 1.4%
  • Jupyter Notebook 0.3%
  • Other 0.3%