mirror of https://github.com/swisskyrepo/PayloadsAllTheThings synced 2026-02-11 18:02:10 +01:00

No description

Find a file

You Know Who bd264beebc Update NoSQL.txt		2025-04-21 16:59:08 +07:00
.github
_LEARNING_AND_SOCIALS
_template_vuln
Account Takeover
API Key Leaks
Business Logic Errors
Clickjacking
Client Side Path Traversal
Command Injection
CORS Misconfiguration
CRLF Injection	Markdown Linting - CORS, CRLF, CSPT, CSRF, Command Injection	2025-03-24 16:52:42 +01:00
Cross-Site Request Forgery
CSV Injection
CVE Exploits
Denial of Service
Dependency Confusion
Directory Traversal
DNS Rebinding
DOM Clobbering
External Variable Modification
File Inclusion
Google Web Toolkit
GraphQL Injection
Headless Browser
Hidden Parameters
HTTP Parameter Pollution
Insecure Deserialization	Fix broken links	2025-03-27 11:16:36 +01:00
Insecure Direct Object References
Insecure Management Interface	Markdown Linting - Parameters, Browsers, Deserialization Randomness	2025-03-26 16:33:07 +01:00
Insecure Randomness
Insecure Source Code Management
Java RMI	Markdown Linting - Source Code, JWT, RMI, LDAP, LaTeX	2025-03-26 16:48:22 +01:00
JSON Web Token
LaTeX Injection
LDAP Injection
Mass Assignment
Methodology and Resources
NoSQL Injection	Update NoSQL.txt	2025-04-21 16:59:08 +07:00
OAuth Misconfiguration
Open Redirect	Markdown Linting - Mass Assignment, NoSQL, OAuth, Redirect	2025-03-26 17:06:01 +01:00
ORM Leak
Prompt Injection
Prototype Pollution
Race Condition
Regular Expression
Request Smuggling
SAML Injection
Server Side Include Injection
Server Side Request Forgery
Server Side Template Injection
SQL Injection
Tabnabbing
Type Juggling
Upload Insecure Files
Web Cache Deception
Web Sockets
XPATH Injection
XSLT Injection	Markdown Linting - SQL, Juggling, XSLT, XSS, Zip	2025-03-26 20:53:03 +01:00
XSS Injection
XXE Injection
Zip Slip
.gitignore
CONTRIBUTING.md	Fix broken links	2025-03-27 11:16:36 +01:00
custom.css	CSS - Update style color + Blind SQL Oracle	2023-12-10 13:27:21 +01:00
DISCLAIMER.md
LICENSE
mkdocs.yml
README.md

README.md

Payloads All The Things

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques ! I ❤️ pull requests :)

You can also contribute with a 🍻 IRL, or using the sponsor button

An alternative display version is available at PayloadsAllTheThingsWeb.

📖 Documentation

Every section contains the following files, you can use the _template_vuln folder to create a new chapter:

README.md - vulnerability description and how to exploit it, including several payloads
Intruder - a set of files to give to Burp Intruder
Images - pictures for the README.md
Files - some files referenced in the README.md

You might also like the other projects from the AllTheThings family :

InternalAllTheThings - Active Directory and Internal Pentest Cheatsheets
HardwareAllTheThings - Hardware/IOT Pentesting Wiki

You want more ? Check the Books and Youtube channel selections.

🧑‍💻 Contributions

Be sure to read CONTRIBUTING.md

Thanks again for your contribution! ❤️

🍻 Sponsors

This project is proudly sponsored by these companies: