Backup_Repos/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings synced 2026-03-21 12:52:02 +01:00
Code Issues Projects Releases Wiki Activity
2176 commits 2 branches 7 tags 100 MiB
Commit graph

52 commits

Author SHA1 Message Date
Swissky
497fbe925b Archive external reference links via Wayback Machine 
Replace direct URLs in Markdown references with their
web.archive.org equivalents to prevent link rot.
 2026-03-09 13:02:28 +01:00
Swissky
ab7e7390dc Fix broken links 2025-03-27 11:16:36 +01:00
Swissky
e03cdfff14 Markdown Linting - CSV, CVE, DBS, LFI, GWT, GraphQL 2025-03-26 16:22:53 +01:00
hacker
64b36854a7 External Variable Modification 2025-03-07 12:15:00 +01:00
Swissky
4f7201d9aa Lightyear tool - PHP wrappers 2025-01-22 16:38:16 +01:00
Swissky
e6466b4cf9 LFI/RFI pages 2024-11-29 11:52:51 +01:00
Swissky
118924f291 Challenges added for CRLF, Command Injection, File Inclusion 2024-11-12 19:01:34 +01:00
Swissky
e47391b12b References updated for Dom Clobbering, File Inclusion 2024-11-05 17:29:15 +01:00
Mach1ne
c4a19f8a2a
Add LFImap tool 2024-09-30 22:49:44 +02:00
Swissky
d5a6811193 Fix typos 2024-09-16 18:05:54 +02:00
Swissky
314e4da963 SSRF DNS AXFR + LFI PHAR payloads + LFI iconv 2024-06-16 21:17:42 +02:00
Swissky
b5251a673f XSLT payloads + Headless Browser 2024-05-31 00:07:21 +02:00
Swissky
5c42373a25 PHP filter prefix and suffix 2023-12-21 20:12:04 +01:00
Str3am
95a85b455d
Add two methods about LFI to RCE via PHP PEARCMD, and delete extra double quotes in method 2 payload 2023-11-01 00:35:59 +08:00
Str3am
072cac04d6
Add two methods about LFI to RCE via PHP PEARCMD 2023-11-01 00:26:27 +08:00
Swissky
7f1823efbe Fix character matching for '>' and its URL entity encoding from @CaoZnZZ 2023-10-10 13:56:57 +02:00
Swissky
892c68e6e7 PEAR_Config example 2023-10-02 17:12:36 +02:00
Swissky
837f220264 LFI with pearcmd.php 2023-10-02 12:52:10 +02:00
Swissky
d142587f28 Race Condition WIP + AD asreproast/kerberoasting 2023-10-01 12:42:20 +02:00
mpgn
3c7c863233
Fix path with sessionS with an S for php 2023-04-11 17:08:57 +02:00
Swissky
0a70636d28 ETW Providers 2023-04-03 10:48:53 +02:00
Swissky
fddd094ee1 LFI iconv and dechunk + ETW + NTDS Dump Rework 2023-03-27 22:38:25 +02:00
Swissky
fe41254fde XXS Public Example + PHP Filter RCE 2022-10-24 12:05:39 +02:00
Fabian S. Varon Valencia
a07468af9b use web archive to retrieve a readable version of this website - currently unavailable 2022-10-08 23:31:43 -05:00
Swissky
fbd7517e04 LFI2RCE - Picture Compression - SOCKS5 CS 2022-08-21 16:38:54 +02:00
its0x08
fc1f3b25a7 fix: Fix spelling 2022-08-09 11:02:21 +02:00
Swissky
28425b37a3 LFI to RCE via upload (FindFirstFile) 2022-06-19 22:48:46 +02:00
Swissky
c9ef8f7f49 Graftcp Cheatsheet 2021-12-29 18:16:26 +01:00
Ethan
68a4c9296b
Backwards compatibility for Python 2 2021-08-11 20:40:39 +01:00
Alexandre ZANNI
61eed94f18
add RCE via Apache logs in log poisoning 2021-05-10 11:48:14 +02:00
lanjelot
c6d0ba29e7 Add reference to panoptic and rip-hg tools 2020-12-12 04:52:21 +11:00
Gorgamite
1f96d34ddf
Specifying alternative access method through SSH 
Specifying alternative access method through SSH since SSH is assumed to be running on the Linux machine. Read id_rsa for that user to obtain the SSH private key.
 2020-10-25 02:51:07 -07:00
Siddharth Reddy
dbc3cb38ea
Update README.md 
Page not found [Local file inclusion mini list - Penetrate.io](https://penetrate.io/2014/09/25/local-file-inclusion-mini-list/).
 2020-10-09 17:59:30 +05:30
Swissky
63270e4d42
Delete Logs-files.txt 
Fix for https://github.com/swisskyrepo/PayloadsAllTheThings/issues/141
 2020-10-07 22:25:25 +02:00
Milan Veljkovic
d317b46af9
Update README.md 
I met with /var/log/apache2/ more often than /var/log/apache/ and i believe if someone is following this list, the apache2 items will make a difference. Cheers !
 2020-07-06 23:43:47 +02:00
0xdf
9d06e1297f added additional way to chain php filters 2020-02-20 06:40:30 -05:00
0xdf
7d650e9622 fixed error in chaining php filters in File Inclusion page, added an additional example 2020-02-20 06:30:28 -05:00
Borja
7be86354b2
Update File Inclusion 
Added another path
 2020-02-18 11:35:22 +00:00
Swissky
3abaa3e23d Linux AD - Keyring, Keytab, CCACHE 2019-11-25 23:12:06 +01:00
Alex Zeecka
83caef8ee1
Add filter iconv utf16 LFI bypass tricks 2019-10-17 17:40:59 +02:00
Swissky
8dffb59ac5 Pspy + Silver Ticket + MSSQL connect 2019-08-18 22:24:48 +02:00
Swissky
46780de750 PostgreSQL rewrite + LFI SSH 2019-06-29 19:23:34 +02:00
Swissky
3b85f1b6fc UTF-8 encoding for File Inclusion 2019-06-29 11:20:17 +02:00
Swissky
9be62677b6 Add root user + PHP null byte version 2019-06-24 00:21:39 +02:00
Swissky
9745e67465 HQL Injection + references update 2019-06-16 23:45:52 +02:00
Swissky
a85fa5af28 Local File Include : rce via mail + kadimus 2019-06-10 00:05:47 +02:00
Swissky
e8cd11f88f plink + sshuttle : Network Pivoting Techniques 2019-06-09 18:13:15 +02:00
Jonas Wendorf
f5702467d6 Add nginx log files for LFI log poisoning 2019-05-30 12:01:24 +02:00
Swissky
b81df17589 RFI - Windows SMB allow_url_include = "Off" 2019-05-12 22:23:55 +02:00
Swissky
bab04f8587 Masscan + AD password in description + ZSH revshell bugfix + Mimikatz lsass.dmp 2019-05-12 21:34:09 +02:00