Backup_Repos/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings synced 2026-05-07 20:17:08 +02:00
Code Issues Projects Releases Wiki Activity
No description
2188 commits 2 branches 7 tags 103 MiB
Python 76.2%
ASP.NET 8.7%
XSLT 5.9%
Classic ASP 3.2%
PHP 3.1%
Other 2.8%
Find a file
f0rk3b0mb 981a76f2fd added ole automation command execution
2026-04-28 11:51:38 +03:00
.github added ole automation command execution 2026-04-28 11:40:56 +03:00
_LEARNING_AND_SOCIALS added ole automation command execution 2026-04-28 11:40:56 +03:00
_template_vuln added ole automation command execution 2026-04-28 11:40:56 +03:00
Account Takeover added ole automation command execution 2026-04-28 11:40:56 +03:00
API Key Leaks added ole automation command execution 2026-04-28 11:40:56 +03:00
Brute Force Rate Limit added ole automation command execution 2026-04-28 11:40:56 +03:00
Business Logic Errors added ole automation command execution 2026-04-28 11:40:56 +03:00
Clickjacking added ole automation command execution 2026-04-28 11:40:56 +03:00
Client Side Path Traversal added ole automation command execution 2026-04-28 11:40:56 +03:00
Command Injection added ole automation command execution 2026-04-28 11:40:56 +03:00
CORS Misconfiguration added ole automation command execution 2026-04-28 11:40:56 +03:00
CRLF Injection added ole automation command execution 2026-04-28 11:40:56 +03:00
Cross-Site Request Forgery added ole automation command execution 2026-04-28 11:40:56 +03:00
CSS Injection added ole automation command execution 2026-04-28 11:40:56 +03:00
CSV Injection added ole automation command execution 2026-04-28 11:40:56 +03:00
CVE Exploits added ole automation command execution 2026-04-28 11:40:56 +03:00
Denial of Service added ole automation command execution 2026-04-28 11:40:56 +03:00
Dependency Confusion added ole automation command execution 2026-04-28 11:40:56 +03:00
Directory Traversal added ole automation command execution 2026-04-28 11:40:56 +03:00
DNS Rebinding added ole automation command execution 2026-04-28 11:40:56 +03:00
DOM Clobbering added ole automation command execution 2026-04-28 11:40:56 +03:00
Encoding Transformations added ole automation command execution 2026-04-28 11:40:56 +03:00
External Variable Modification added ole automation command execution 2026-04-28 11:40:56 +03:00
File Inclusion added ole automation command execution 2026-04-28 11:40:56 +03:00
Google Web Toolkit added ole automation command execution 2026-04-28 11:40:56 +03:00
GraphQL Injection added ole automation command execution 2026-04-28 11:40:56 +03:00
Headless Browser added ole automation command execution 2026-04-28 11:40:56 +03:00
Hidden Parameters added ole automation command execution 2026-04-28 11:40:56 +03:00
HTTP Parameter Pollution added ole automation command execution 2026-04-28 11:40:56 +03:00
Insecure Deserialization added ole automation command execution 2026-04-28 11:40:56 +03:00
Insecure Direct Object References added ole automation command execution 2026-04-28 11:40:56 +03:00
Insecure Management Interface added ole automation command execution 2026-04-28 11:40:56 +03:00
Insecure Randomness added ole automation command execution 2026-04-28 11:40:56 +03:00
Insecure Source Code Management added ole automation command execution 2026-04-28 11:40:56 +03:00
Java RMI added ole automation command execution 2026-04-28 11:40:56 +03:00
JSON Web Token added ole automation command execution 2026-04-28 11:40:56 +03:00
LaTeX Injection added ole automation command execution 2026-04-28 11:40:56 +03:00
LDAP Injection added ole automation command execution 2026-04-28 11:40:56 +03:00
Mass Assignment added ole automation command execution 2026-04-28 11:40:56 +03:00
Methodology and Resources added ole automation command execution 2026-04-28 11:40:56 +03:00
NoSQL Injection added ole automation command execution 2026-04-28 11:40:56 +03:00
OAuth Misconfiguration added ole automation command execution 2026-04-28 11:40:56 +03:00
Open Redirect added ole automation command execution 2026-04-28 11:40:56 +03:00
ORM Leak added ole automation command execution 2026-04-28 11:40:56 +03:00
Prompt Injection added ole automation command execution 2026-04-28 11:40:56 +03:00
Prototype Pollution added ole automation command execution 2026-04-28 11:40:56 +03:00
Race Condition added ole automation command execution 2026-04-28 11:40:56 +03:00
Regular Expression added ole automation command execution 2026-04-28 11:40:56 +03:00
Request Smuggling added ole automation command execution 2026-04-28 11:40:56 +03:00
Reverse Proxy Misconfigurations added ole automation command execution 2026-04-28 11:40:56 +03:00
SAML Injection added ole automation command execution 2026-04-28 11:40:56 +03:00
Server Side Include Injection added ole automation command execution 2026-04-28 11:40:56 +03:00
Server Side Request Forgery added ole automation command execution 2026-04-28 11:40:56 +03:00
Server Side Template Injection added ole automation command execution 2026-04-28 11:40:56 +03:00
SQL Injection added ole automation command execution 2026-04-28 11:51:38 +03:00
Tabnabbing added ole automation command execution 2026-04-28 11:40:56 +03:00
Type Juggling added ole automation command execution 2026-04-28 11:40:56 +03:00
Upload Insecure Files added ole automation command execution 2026-04-28 11:40:56 +03:00
Virtual Hosts added ole automation command execution 2026-04-28 11:40:56 +03:00
Web Cache Deception added ole automation command execution 2026-04-28 11:40:56 +03:00
Web Sockets added ole automation command execution 2026-04-28 11:40:56 +03:00
XPATH Injection added ole automation command execution 2026-04-28 11:40:56 +03:00
XS-Leak added ole automation command execution 2026-04-28 11:40:56 +03:00
XSLT Injection added ole automation command execution 2026-04-28 11:40:56 +03:00
XSS Injection added ole automation command execution 2026-04-28 11:40:56 +03:00
XXE Injection added ole automation command execution 2026-04-28 11:40:56 +03:00
Zip Slip added ole automation command execution 2026-04-28 11:40:56 +03:00
.gitignore added ole automation command execution 2026-04-28 11:40:56 +03:00
CONTRIBUTING.md Normalize commands, callbacks and references 2026-04-22 15:03:31 +02:00
custom.css added ole automation command execution 2026-04-28 11:40:56 +03:00
DISCLAIMER.md added ole automation command execution 2026-04-28 11:40:56 +03:00
LICENSE added ole automation command execution 2026-04-28 11:40:56 +03:00
mkdocs.yml added ole automation command execution 2026-04-28 11:40:56 +03:00
README.md added ole automation command execution 2026-04-28 11:40:56 +03:00

README.md

Payloads All The Things

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques!

You can also contribute with a 🍻 IRL, or using the sponsor button.

Sponsor Tweet

An alternative display version is available at PayloadsAllTheThingsWeb.

banner

📖 Documentation

Every section contains the following files, you can use the _template_vuln folder to create a new chapter:

  • README.md - vulnerability description and how to exploit it, including several payloads
  • Intruder - a set of files to give to Burp Intruder
  • Images - pictures for the README.md
  • Files - some files referenced in the README.md

You might also like the other projects from the AllTheThings family :

You want more? Check the Books and YouTube channel selections.

🧑‍💻 Contributions

Be sure to read CONTRIBUTING.md

sponsors-list

Thanks again for your contribution! ❤️

🍻 Sponsors

This project is proudly sponsored by these companies.

Logo Description
sponsor-serpapi SerpApi is a real time API to access Google search results. It solves the issues of having to rent proxies, solving captchas, and JSON parsing.
sponsor-projectdiscovery ProjectDiscovery - Detect real, exploitable vulnerabilities. Harness the power of Nuclei for fast and accurate findings without false positives.
sponsor-vaadata VAADATA - Ethical Hacking Services