Backup_Repos/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings synced 2026-01-20 15:12:53 +01:00
Code Issues Projects Releases Wiki Activity
2155 commits 2 branches 7 tags 92 MiB
Commit graph

2155 commits

This branch
This branch
All branches
Author SHA1 Message Date
Swissky
a711494a64
Merge pull request #812 from vladko312/master 
New SSTI payloads for Error-Based and Boolean-Based techniques
 2026-01-03 22:51:40 +01:00
Swissky
08b5c4c868
Unordered list style [Expected: dash; Actual: asterisk] 2026-01-03 22:50:37 +01:00
vladko312
bec6524774 SSTI: 
- Fixed NodeJS payloads
 2026-01-03 23:19:26 +03:00
vladko312
09a5f07345 SSI, SSTI: 
- Improved MarkDown
 2026-01-03 22:20:19 +03:00
Vladislav Korchagin
4831e36fb8
Merge branch 'master' into master 2026-01-03 19:06:57 +03:00
Swissky
45661ef925
Merge pull request #809 from HackingRepo/patch-2 
Update README with URL parsing examples
 2026-01-03 16:57:44 +01:00
Swissky
cd548698eb Reverse Proxy Misconfigurations markdown linting 2026-01-03 16:52:21 +01:00
Swissky
b890ac4c9d
Merge pull request #813 from MegaManSec/master 
add gixy-next
 2026-01-03 16:48:55 +01:00
Swissky
2c2552d1fe
Update Gixy-Next link in README.md 2026-01-03 16:48:14 +01:00
vladko312
abbbf2fc95 SSTI: 
- Fixed NodeJS payloads
 2026-01-03 18:43:24 +03:00
Swissky
d345536ff4 Fix markdown linting 2026-01-03 15:47:05 +01:00
Swissky
41f2f96509
Merge pull request #808 from Brum3ns/master 
Updated SSTI with novel obfuscation payloads
 2026-01-03 15:44:38 +01:00
Joshua Rogers
bb325561a1 add gixy-next 2026-01-03 23:34:47 +11:00
vladko312
7fb2ff75d7 SSI: 
- Added SSTImap to the tools, as it now supports SSI detection and exploitation
SSTI:
- Added description for known detection and exploitation techniques
- Added payloads for universal detection
- Added universal payloads for different languages
- Added Error-Based and Boolean-Based payloads
- Moved SpEL payloads using `T()` to the correct category
- Moved Pug payloads to the correct language and updated info to reflect the actual name
 2026-01-03 05:20:04 +03:00
Swissky
bd72827e58 ORM leak lint + crapsecret 2026-01-02 19:46:23 +01:00
RelunSec
c975f61fa0
Fix typo in README regarding URL formatting 2025-12-19 07:48:57 -08:00
RelunSec
09bdd83685
Update README with URL parsing examples 
Added examples of URL formats and parser behaviors.
 2025-12-18 23:41:37 -08:00
brumens
a957c3f96d Fixed markdown linting 2025-12-15 11:30:06 +01:00
Swissky
39da0328b8 Indicators for deserialization 2025-12-12 11:32:33 +01:00
Swissky
ba62eed782 SQLite extensions 2025-12-07 19:52:51 +01:00
brumens
5f1a39d272 Added author to research reference 2025-12-03 14:09:02 +01:00
brumens
3cf745b90c Added Jinja and Mako obf payloads 2025-12-03 14:07:37 +01:00
brumens
e2ce1c96dc Added Smarty and Twig obf payload 2025-12-03 14:05:41 +01:00
brumens
7ca2ca2a75 Added Groovy and FreeMarker obf payloads 2025-12-03 13:58:49 +01:00
brumens
52daa1d820 Updated SSTI Reference 2025-12-03 13:58:27 +01:00
Swissky
ca50df2336 Fix markdown linting 2025-11-15 17:36:38 +01:00
Swissky
80a6b5e1d0
Merge pull request #806 from Reelix/patch-1 
Fixed missing {FILE} placeholders
 2025-11-15 11:34:17 -05:00
Swissky
e653e7c67b
Merge pull request #802 from Aaditya-Chunekar/patch-1 
hacktoberfest - Update YouTube.md with new resources
 2025-11-15 11:31:35 -05:00
Swissky
24527a5155
Merge pull request #791 from piranhaAD/patch-1 
Correcting the  Payload for xxe ssrf
 2025-11-15 11:19:05 -05:00
Swissky
832b54fd95 Syntax Highlighting SSTI 2025-11-15 17:11:42 +01:00
Swissky
5c0ee4c6d9 SQL injection hashed password + MSSQL links 2025-11-02 18:21:19 +01:00
Reelix
3359054ecf
Fixed missing {FILE} placeholders 
The bottom few options were missing the {FILE} placeholders.

This fixes them.
 2025-10-31 14:22:13 +02:00
Aaditya
9a08798848
hacktoberfest - Update YouTube.md with new resources 
Added LaurieWired and Tib3rius YouTube channels.
 2025-10-22 19:44:31 +05:30
Swissky
d49faf9874 Markdown Fix Lint 2025-10-05 18:54:42 +02:00
Swissky
0dc0978853 Brute Force and Rate Limit 2025-10-05 18:51:11 +02:00
Swissky
fc06c0e13b
Merge pull request #797 from mbiesiad/master 
Update Web Attack Surface.md
 2025-10-02 10:40:26 -04:00
Michal Biesiada
ff57c499cc
Update Web Attack Surface.md 
Missing path added /blob/main/docs/
 2025-10-02 10:50:07 +02:00
Swissky
8cf79275a6
Merge pull request #795 from cclauss/patch-1 
Upgrade GitHub Actions
 2025-10-01 12:47:14 -04:00
Christian Clauss
6409004743
Update GitHub Actions 2025-10-01 14:52:10 +02:00
Christian Clauss
707c06272f
Upgrade GitHub Actions 
* https://github.com/actions/checkout/releases
* https://github.com/actions/setup-python/releases
 2025-10-01 14:49:34 +02:00
Swissky
bd5b09a85b
Merge pull request #793 from DivInstance/chore/mkdocs-edit-link-and-readme-polish 
chore(docs): fix MkDocs edit link and polish README grammar
 2025-09-19 08:48:05 -04:00
Divyaranjan Sahoo
3be0e164ab chore(docs): fix MkDocs edit link and polish README grammar 
- Use edit/master so 'Edit this page' opens the editor
- Standardize punctuation and YouTube casing
 2025-09-19 15:13:54 +05:30
Swissky
ebf2b0d912
Merge pull request #792 from pranjalpokharel7/master 
Remove broken link for SQLite
 2025-09-13 08:15:02 -04:00
pranjalpokharel7
27e6c2aa8d Replace broken link for SQLite with archive link 2025-09-13 07:51:58 +05:45
piranha
aa85b80ace
correction of xxe ssrf payload 
remove the % from the payload as it's not a parametrized entity
 2025-09-09 19:16:45 +01:00
Swissky
b391de2117 Lint fix 2025-08-14 11:09:47 +02:00
Swissky
72df15e2e8
Merge pull request #786 from n3rada/master 
Add Velocity SSTI payloads with base64 command support
 2025-08-13 20:39:34 +02:00
n3rada
f3cdd4ff0c
fix(markdown): add blank lines around fenced code blocks to satisfy MD031 2025-08-13 18:29:00 +00:00
n3rada
d04a38a67c
refactor(template): rename Velocity payload variables for clarity 2025-08-13 18:14:47 +00:00
Swissky
2f9f87bfae
Merge pull request #777 from youknowwho-98/patch-1 
Update NoSQL.txt
 2025-08-13 16:07:06 +02:00