├── .github ├── FUNDING.yml ├── banner.png ├── hopla_config.json └── workflows │ └── ci.yml ├── .gitignore ├── API Key Leaks ├── Files │ └── MachineKeys.txt └── README.md ├── AWS Amazon Bucket S3 └── README.md ├── Account Takeover └── README.md ├── Argument Injection └── README.md ├── Business Logic Errors └── README.md ├── CICD └── README.md ├── CONTRIBUTING.md ├── CORS Misconfiguration └── README.md ├── CRLF Injection ├── README.md └── crlfinjection.txt ├── CSRF Injection ├── Images │ └── CSRF-CheatSheet.png └── README.md ├── CSV Injection └── README.md ├── CVE Exploits ├── Apache Struts 2 CVE-2013-2251 CVE-2017-5638 CVE-2018-11776_.py ├── Apache Struts 2 CVE-2017-9805.py ├── Apache Struts 2 CVE-2018-11776.py ├── Citrix CVE-2019-19781.py ├── Docker API RCE.py ├── Drupalgeddon2 CVE-2018-7600.rb ├── Heartbleed CVE-2014-0160.py ├── JBoss CVE-2015-7501.py ├── Jenkins CVE-2015-8103.py ├── Jenkins CVE-2016-0792.py ├── Jenkins Groovy Console.py ├── Log4Shell.md ├── README.md ├── Rails CVE-2019-5420.rb ├── Shellshock CVE-2014-6271.py ├── Telerik CVE-2017-9248.py ├── Telerik CVE-2019-18935.py ├── Tomcat CVE-2017-12617.py ├── WebLogic CVE-2016-3510.py ├── WebLogic CVE-2017-10271.py ├── WebLogic CVE-2018-2894.py ├── WebSphere CVE-2015-7450.py └── vBulletin RCE 5.0.0 - 5.5.4.sh ├── Command Injection ├── Intruder │ ├── command-execution-unix.txt │ └── command_exec.txt └── README.md ├── DNS Rebinding └── README.md ├── Dependency Confusion └── README.md ├── Directory Traversal ├── Intruder │ ├── deep_traversal.txt │ ├── directory_traversal.txt │ ├── dotdotpwn.txt │ └── traversals-8-deep-exotic-encoding.txt └── README.md ├── Dom Clobbering └── README.md ├── File Inclusion ├── Intruders │ ├── BSD-files.txt │ ├── JHADDIX_LFI.txt │ ├── LFI-FD-check.txt │ ├── LFI-WindowsFileCheck.txt │ ├── Linux-files.txt │ ├── List_Of_File_To_Include.txt │ ├── List_Of_File_To_Include_NullByteAdded.txt │ ├── Mac-files.txt │ ├── Traversal.txt │ ├── Web-files.txt │ ├── Windows-files.txt │ ├── dot-slash-PathTraversal_and_LFI_pairing.txt │ └── simple-check.txt ├── LFI2RCE.py ├── README.md ├── phpinfolfi.py └── uploadlfi.py ├── GraphQL Injection ├── Images │ └── htb-help.png └── README.md ├── HTTP Parameter Pollution └── README.md ├── Insecure Deserialization ├── DotNET.md ├── Files │ ├── Ruby_universal_gadget_generate_verify.rb │ ├── node-serialize.js │ └── ruby-serialize.yaml ├── Images │ └── NETNativeFormatters.png ├── Java.md ├── Node.md ├── PHP.md ├── Python.md ├── README.md ├── Ruby.md └── YAML.md ├── Insecure Direct Object References ├── Images │ └── idor.png └── README.md ├── Insecure Management Interface ├── Intruder │ └── springboot_actuator.txt └── README.md ├── Insecure Randomness └── README.md ├── Insecure Source Code Management ├── Files │ └── github-dorks.txt └── README.md ├── JSON Web Token └── README.md ├── Java RMI └── README.md ├── Kubernetes └── README.md ├── LDAP Injection ├── Intruder │ ├── LDAP_FUZZ.txt │ └── LDAP_attributes.txt └── README.md ├── LICENSE ├── LaTeX Injection └── README.md ├── Mass Assignment └── README.md ├── Methodology and Resources ├── Active Directory Attack.md ├── Bind Shell Cheatsheet.md ├── Cloud - AWS Pentest.md ├── Cloud - Azure Pentest.md ├── Cobalt Strike - Cheatsheet.md ├── Container - Docker Pentest.md ├── Container - Kubernetes Pentest.md ├── Escape Breakout.md ├── HTML Smuggling.md ├── Hash Cracking.md ├── Linux - Evasion.md ├── Linux - Persistence.md ├── Linux - Privilege Escalation.md ├── MSSQL Server - Cheatsheet.md ├── Metasploit - Cheatsheet.md ├── Methodology and enumeration.md ├── Miscellaneous - Tricks.md ├── Network Discovery.md ├── Network Pivoting Techniques.md ├── Office - Attacks.md ├── Powershell - Cheatsheet.md ├── Reverse Shell Cheatsheet.md ├── Source Code Management.md ├── Subdomains Enumeration.md ├── Windows - AMSI Bypass.md ├── Windows - DPAPI.md ├── Windows - Defenses.md ├── Windows - Download and Execute.md ├── Windows - Mimikatz.md ├── Windows - Persistence.md ├── Windows - Privilege Escalation.md └── Windows - Using credentials.md ├── NoSQL Injection ├── Intruder │ └── NoSQL.txt └── README.md ├── OAuth Misconfiguration └── README.md ├── Open Redirect ├── Intruder │ ├── Open-Redirect-payloads.txt │ ├── open_redirect_wordlist.txt │ └── openredirects.txt └── README.md ├── Prompt Injection └── README.md ├── Prototype Pollution └── README.md ├── README.md ├── Race Condition └── README.md ├── Request Smuggling └── README.md ├── SAML Injection ├── Images │ ├── SAML-xml-flaw.png │ └── XSLT1.jpg └── README.md ├── SQL Injection ├── BigQuery Injection.md ├── Cassandra Injection.md ├── DB2 Injection.md ├── HQL Injection.md ├── Images │ ├── PostgreSQL_cmd_exec.png │ ├── Unicode_SQL_injection.png │ └── wildcard_underscore.jpg ├── Intruder │ ├── Auth_Bypass.txt │ ├── Auth_Bypass2.txt │ ├── FUZZDB_MSSQL-WHERE_Time.txt │ ├── FUZZDB_MSSQL.txt │ ├── FUZZDB_MSSQL_Enumeration.txt │ ├── FUZZDB_MYSQL.txt │ ├── FUZZDB_MySQL-WHERE_Time.txt │ ├── FUZZDB_MySQL_ReadLocalFiles.txt │ ├── FUZZDB_Oracle.txt │ ├── FUZZDB_Postgres_Enumeration.txt │ ├── Generic_ErrorBased.txt │ ├── Generic_Fuzz.txt │ ├── Generic_TimeBased.txt │ ├── Generic_UnionSelect.txt │ ├── SQL-Injection │ ├── SQLi_Polyglots.txt │ ├── payloads-sql-blind-MSSQL-INSERT │ ├── payloads-sql-blind-MSSQL-WHERE │ ├── payloads-sql-blind-MySQL-INSERT │ ├── payloads-sql-blind-MySQL-ORDER_BY │ └── payloads-sql-blind-MySQL-WHERE ├── MSSQL Injection.md ├── MySQL Injection.md ├── OracleSQL Injection.md ├── PostgreSQL Injection.md ├── README.md └── SQLite Injection.md ├── Server Side Include Injection └── README.md ├── Server Side Request Forgery ├── Files │ ├── SSRF_expect.svg │ ├── SSRF_url.svg │ ├── ip.py │ ├── ssrf_ffmpeg.avi │ ├── ssrf_iframe.svg │ ├── ssrf_svg_css_import.svg │ ├── ssrf_svg_css_link.svg │ ├── ssrf_svg_css_xmlstylesheet.svg │ ├── ssrf_svg_image.svg │ └── ssrf_svg_use.svg ├── Images │ ├── Parser and Curl less than 7.54.png │ ├── SSRF_PDF.png │ ├── SSRF_Parser.png │ ├── SSRF_stream.png │ ├── WeakParser.jpg │ └── aws-cli.jpg └── README.md ├── Server Side Template Injection ├── Images │ └── serverside.png ├── Intruder │ └── ssti.fuzz └── README.md ├── Tabnabbing └── README.md ├── Type Juggling ├── Images │ └── table_representing_behavior_of_PHP_with_loose_type_comparisons.png └── README.md ├── Upload Insecure Files ├── CVE Ffmpeg HLS │ ├── README.md │ ├── gen_avi_bypass.py │ ├── gen_xbin_avi.py │ ├── read_passwd.avi │ ├── read_passwd_bypass.mp4 │ ├── read_shadow.avi │ └── read_shadow_bypass.mp4 ├── CVE ZIP Symbolic Link │ ├── etc_passwd.zip │ ├── generate.sh │ └── passwd ├── Configuration Apache .htaccess │ ├── .htaccess │ ├── .htaccess_phpinfo │ ├── .htaccess_rce_files │ ├── .htaccess_shell │ └── README.md ├── Configuration Busybox httpd.conf │ ├── README.md │ ├── httpd.conf │ └── shellymcshellface.sh ├── Configuration IIS web.config │ └── web.config ├── Configuration Python __init__.py │ ├── python-admin-__init__.py.zip │ ├── python-conf-__init__.py.zip │ ├── python-config-__init__.py.zip │ ├── python-controllers-__init__.py.zip │ ├── python-generate-init.py │ ├── python-login-__init__.py.zip │ ├── python-models-__init__.py.zip │ ├── python-modules-__init__.py.zip │ ├── python-scripts-__init__.py.zip │ ├── python-settings-__init__.py.zip │ ├── python-tests-__init__.py.zip │ ├── python-urls-__init__.py.zip │ ├── python-utils-__init__.py.zip │ └── python-view-__init__.py.zip ├── Configuration uwsgi.ini │ ├── README.md │ └── uwsgi.ini ├── EICAR │ └── eicar.txt ├── Extension ASP │ ├── shell.asa │ ├── shell.ashx │ ├── shell.asmx │ ├── shell.asp │ ├── shell.aspx │ ├── shell.cer │ ├── shell.soap │ └── shell.xamlx ├── Extension Flash │ ├── README.md │ ├── xss.swf │ └── xssproject.swf ├── Extension HTML │ └── xss.html ├── Extension PDF JS │ ├── poc.js │ ├── poc.py │ └── result.pdf ├── Extension PHP │ ├── extensions.lst │ ├── phpinfo.jpg.php │ ├── phpinfo.phar │ ├── phpinfo.php │ ├── phpinfo.php3 │ ├── phpinfo.php4 │ ├── phpinfo.php5 │ ├── phpinfo.php7 │ ├── phpinfo.php8 │ ├── phpinfo.phpt │ ├── phpinfo.pht │ ├── phpinfo.phtml │ ├── shell.gif^shell.php │ ├── shell.jpeg.php │ ├── shell.jpg.php │ ├── shell.jpg^shell.php │ ├── shell.pgif │ ├── shell.phar │ ├── shell.php │ ├── shell.php3 │ ├── shell.php4 │ ├── shell.php5 │ ├── shell.php7 │ ├── shell.phpt │ ├── shell.pht │ ├── shell.phtml │ ├── shell.png.php │ └── shell.png^shell.php ├── Images │ └── file-upload-mindmap.png ├── Jetty RCE │ └── JettyShell.xml ├── Picture Compression │ ├── GIF_exploit.gif │ ├── JPG_exploit-55.jpg │ ├── PNG_110x110_resize_bypass_use_LFI.png │ ├── PNG_32x32_resize_bypass_use_LFI.png │ ├── createBulletproofJPG.py │ ├── createCompressedPNG_110x110.php │ ├── createGIFwithGlobalColorTable.php │ └── createPNGwithPLTE.php ├── Picture ImageMagick │ ├── README.md │ ├── convert_local_etc_passwd.svg │ ├── convert_local_etc_passwd_html.svg │ ├── ghostscript_rce_curl.jpg │ ├── imagemagick_CVE-2022-44268_convert_etc_passwd.png │ ├── imagemagick_ghostscript_cmd_exec.pdf │ ├── imagemagik_ghostscript_reverse_shell.jpg │ ├── imagetragik1_payload_imageover_file_exfiltration_pangu_wrapper.jpg │ ├── imagetragik1_payload_imageover_file_exfiltration_text_wrapper.jpg │ ├── imagetragik1_payload_imageover_reverse_shell_devtcp.jpg │ ├── imagetragik1_payload_imageover_reverse_shell_netcat_fifo.png │ ├── imagetragik1_payload_imageover_wget.gif │ ├── imagetragik1_payload_url_bind_shell_nc.mvg │ ├── imagetragik1_payload_url_curl.png │ ├── imagetragik1_payload_url_portscan.jpg │ ├── imagetragik1_payload_url_remote_connection.mvg │ ├── imagetragik1_payload_url_reverse_shell_bash.mvg │ ├── imagetragik1_payload_url_touch.jpg │ ├── imagetragik1_payload_xml_reverse_shell_nctraditional.xml │ ├── imagetragik1_payload_xml_reverse_shell_netcat_encoded.xml │ ├── imagetragik2_burpcollaborator_passwd.jpg │ ├── imagetragik2_centos_id.jpg │ ├── imagetragik2_ubuntu_id.jpg │ ├── imagetragik2_ubuntu_shell.jpg │ └── imagetragik2_ubuntu_shell2.jpg ├── Picture Metadata │ ├── Build_image_to_LFI.py │ ├── CVE-2021-22204_exiftool_echo.jpg │ ├── CVE-2021-22204_exiftool_revshell.jpg │ ├── PHP_exif_phpinfo.jpg │ ├── PHP_exif_system.gif │ ├── PHP_exif_system.jpg │ └── PHP_exif_system.png ├── README.md ├── Server Side Include │ ├── exec.shtml │ ├── include.shtml │ └── index.stm └── Zip Slip │ └── README.md ├── Web Cache Deception ├── Intruders │ └── param_miner_lowercase_headers.txt └── README.md ├── Web Sockets ├── Files │ └── ws-harness.py ├── Images │ ├── WebsocketHarness.jpg │ ├── sqlmap.png │ └── websocket-harness-start.png └── README.md ├── XPATH Injection └── README.md ├── XSLT Injection └── README.md ├── XSS Injection ├── Files │ ├── InsecureFlashFile.swf │ ├── JupyterNotebookXSS.ipynb │ ├── SVG_XSS.svg │ ├── SVG_XSS1.svg │ ├── SVG_XSS2.svg │ ├── SVG_XSS3.svg │ ├── SWF_XSS.swf │ ├── mouseover-xss-ecs.jpeg │ ├── onclick-xss-ecs.jpeg │ ├── payload_in_all_known_exif_corrupted.jpg │ ├── payload_in_all_known_exif_corrupted.png │ ├── payload_in_all_known_metadata.jpg │ ├── payload_in_all_known_metadata.png │ ├── payload_text_xss.png │ ├── xml.xsd │ ├── xss.cer │ ├── xss.dtd │ ├── xss.htm │ ├── xss.html.demo │ ├── xss.hxt │ ├── xss.mno │ ├── xss.rdf │ ├── xss.svgz │ ├── xss.url.url │ ├── xss.vml │ ├── xss.wsdl │ ├── xss.xht │ ├── xss.xhtml │ ├── xss.xml │ ├── xss.xsd │ ├── xss.xsf │ ├── xss.xsl │ ├── xss.xslt │ ├── xss_comment_exif_metadata_double_quote.png │ └── xss_comment_exif_metadata_single_quote.png ├── Images │ └── DwrkbH1VAAErOI2.jpg ├── Intruders │ ├── 0xcela_event_handlers.txt │ ├── BRUTELOGIC-XSS-JS.txt │ ├── BRUTELOGIC-XSS-STRINGS.txt │ ├── IntrudersXSS.txt │ ├── JHADDIX_XSS.txt │ ├── MarioXSSVectors.txt │ ├── RSNAKE_XSS.txt │ ├── XSSDetection.txt │ ├── XSS_Polyglots.txt │ ├── jsonp_endpoint.txt │ ├── xss_alert.txt │ ├── xss_payloads_quick.txt │ └── xss_swf_fuzz.txt ├── README.md ├── XSS in Angular.md └── XSS with Relative Path Overwrite.md ├── XXE Injection ├── Files │ ├── Classic XXE - etc passwd.xml │ ├── Classic XXE B64 Encoded.xml │ ├── Classic XXE.xml │ ├── Deny Of Service - Billion Laugh Attack │ ├── XXE OOB Attack (Yunusov, 2013).xml │ └── XXE PHP Wrapper.xml ├── Intruders │ ├── XXE_Fuzzing.txt │ └── xml-attacks.txt └── README.md ├── _LEARNING_AND_SOCIALS ├── BOOKS.md ├── TWITTER.md └── YOUTUBE.md ├── _template_vuln └── README.md ├── custom.css └── mkdocs.yml /.github/FUNDING.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/.github/FUNDING.yml -------------------------------------------------------------------------------- /.github/banner.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/.github/banner.png -------------------------------------------------------------------------------- /.github/hopla_config.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/.github/hopla_config.json -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/.github/workflows/ci.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | BuildPDF/ 2 | .vscode 3 | .todo -------------------------------------------------------------------------------- /API Key Leaks/Files/MachineKeys.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/API Key Leaks/Files/MachineKeys.txt -------------------------------------------------------------------------------- /API Key Leaks/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/API Key Leaks/README.md -------------------------------------------------------------------------------- /AWS Amazon Bucket S3/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/AWS Amazon Bucket S3/README.md -------------------------------------------------------------------------------- /Account Takeover/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Account Takeover/README.md -------------------------------------------------------------------------------- /Argument Injection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Argument Injection/README.md -------------------------------------------------------------------------------- /Business Logic Errors/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Business Logic Errors/README.md -------------------------------------------------------------------------------- /CICD/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CICD/README.md -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CONTRIBUTING.md -------------------------------------------------------------------------------- /CORS Misconfiguration/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CORS Misconfiguration/README.md -------------------------------------------------------------------------------- /CRLF Injection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CRLF Injection/README.md -------------------------------------------------------------------------------- /CRLF Injection/crlfinjection.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CRLF Injection/crlfinjection.txt -------------------------------------------------------------------------------- /CSRF Injection/Images/CSRF-CheatSheet.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CSRF Injection/Images/CSRF-CheatSheet.png -------------------------------------------------------------------------------- /CSRF Injection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CSRF Injection/README.md -------------------------------------------------------------------------------- /CSV Injection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CSV Injection/README.md -------------------------------------------------------------------------------- /CVE Exploits/Apache Struts 2 CVE-2013-2251 CVE-2017-5638 CVE-2018-11776_.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CVE Exploits/Apache Struts 2 CVE-2013-2251 CVE-2017-5638 CVE-2018-11776_.py -------------------------------------------------------------------------------- /CVE Exploits/Apache Struts 2 CVE-2017-9805.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CVE Exploits/Apache Struts 2 CVE-2017-9805.py -------------------------------------------------------------------------------- /CVE Exploits/Apache Struts 2 CVE-2018-11776.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CVE Exploits/Apache Struts 2 CVE-2018-11776.py -------------------------------------------------------------------------------- /CVE Exploits/Citrix CVE-2019-19781.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CVE Exploits/Citrix CVE-2019-19781.py -------------------------------------------------------------------------------- /CVE Exploits/Docker API RCE.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CVE Exploits/Docker API RCE.py -------------------------------------------------------------------------------- /CVE Exploits/Drupalgeddon2 CVE-2018-7600.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CVE Exploits/Drupalgeddon2 CVE-2018-7600.rb -------------------------------------------------------------------------------- /CVE Exploits/Heartbleed CVE-2014-0160.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CVE Exploits/Heartbleed CVE-2014-0160.py -------------------------------------------------------------------------------- /CVE Exploits/JBoss CVE-2015-7501.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CVE Exploits/JBoss CVE-2015-7501.py -------------------------------------------------------------------------------- /CVE Exploits/Jenkins CVE-2015-8103.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CVE Exploits/Jenkins CVE-2015-8103.py -------------------------------------------------------------------------------- /CVE Exploits/Jenkins CVE-2016-0792.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CVE Exploits/Jenkins CVE-2016-0792.py -------------------------------------------------------------------------------- /CVE Exploits/Jenkins Groovy Console.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CVE Exploits/Jenkins Groovy Console.py -------------------------------------------------------------------------------- /CVE Exploits/Log4Shell.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CVE Exploits/Log4Shell.md -------------------------------------------------------------------------------- /CVE Exploits/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CVE Exploits/README.md -------------------------------------------------------------------------------- /CVE Exploits/Rails CVE-2019-5420.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CVE Exploits/Rails CVE-2019-5420.rb -------------------------------------------------------------------------------- /CVE Exploits/Shellshock CVE-2014-6271.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CVE Exploits/Shellshock CVE-2014-6271.py -------------------------------------------------------------------------------- /CVE Exploits/Telerik CVE-2017-9248.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CVE Exploits/Telerik CVE-2017-9248.py -------------------------------------------------------------------------------- /CVE Exploits/Telerik CVE-2019-18935.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CVE Exploits/Telerik CVE-2019-18935.py -------------------------------------------------------------------------------- /CVE Exploits/Tomcat CVE-2017-12617.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CVE Exploits/Tomcat CVE-2017-12617.py -------------------------------------------------------------------------------- /CVE Exploits/WebLogic CVE-2016-3510.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CVE Exploits/WebLogic CVE-2016-3510.py -------------------------------------------------------------------------------- /CVE Exploits/WebLogic CVE-2017-10271.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CVE Exploits/WebLogic CVE-2017-10271.py -------------------------------------------------------------------------------- /CVE Exploits/WebLogic CVE-2018-2894.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CVE Exploits/WebLogic CVE-2018-2894.py -------------------------------------------------------------------------------- /CVE Exploits/WebSphere CVE-2015-7450.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CVE Exploits/WebSphere CVE-2015-7450.py -------------------------------------------------------------------------------- /CVE Exploits/vBulletin RCE 5.0.0 - 5.5.4.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/CVE Exploits/vBulletin RCE 5.0.0 - 5.5.4.sh -------------------------------------------------------------------------------- /Command Injection/Intruder/command-execution-unix.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Command Injection/Intruder/command-execution-unix.txt -------------------------------------------------------------------------------- /Command Injection/Intruder/command_exec.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Command Injection/Intruder/command_exec.txt -------------------------------------------------------------------------------- /Command Injection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Command Injection/README.md -------------------------------------------------------------------------------- /DNS Rebinding/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/DNS Rebinding/README.md -------------------------------------------------------------------------------- /Dependency Confusion/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Dependency Confusion/README.md -------------------------------------------------------------------------------- /Directory Traversal/Intruder/deep_traversal.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Directory Traversal/Intruder/deep_traversal.txt -------------------------------------------------------------------------------- /Directory Traversal/Intruder/directory_traversal.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Directory Traversal/Intruder/directory_traversal.txt -------------------------------------------------------------------------------- /Directory Traversal/Intruder/dotdotpwn.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Directory Traversal/Intruder/dotdotpwn.txt -------------------------------------------------------------------------------- /Directory Traversal/Intruder/traversals-8-deep-exotic-encoding.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Directory Traversal/Intruder/traversals-8-deep-exotic-encoding.txt -------------------------------------------------------------------------------- /Directory Traversal/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Directory Traversal/README.md -------------------------------------------------------------------------------- /Dom Clobbering/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Dom Clobbering/README.md -------------------------------------------------------------------------------- /File Inclusion/Intruders/BSD-files.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/File Inclusion/Intruders/BSD-files.txt -------------------------------------------------------------------------------- /File Inclusion/Intruders/JHADDIX_LFI.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/File Inclusion/Intruders/JHADDIX_LFI.txt -------------------------------------------------------------------------------- /File Inclusion/Intruders/LFI-FD-check.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/File Inclusion/Intruders/LFI-FD-check.txt -------------------------------------------------------------------------------- /File Inclusion/Intruders/LFI-WindowsFileCheck.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/File Inclusion/Intruders/LFI-WindowsFileCheck.txt -------------------------------------------------------------------------------- /File Inclusion/Intruders/Linux-files.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/File Inclusion/Intruders/Linux-files.txt -------------------------------------------------------------------------------- /File Inclusion/Intruders/List_Of_File_To_Include.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/File Inclusion/Intruders/List_Of_File_To_Include.txt -------------------------------------------------------------------------------- /File Inclusion/Intruders/List_Of_File_To_Include_NullByteAdded.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/File Inclusion/Intruders/List_Of_File_To_Include_NullByteAdded.txt -------------------------------------------------------------------------------- /File Inclusion/Intruders/Mac-files.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/File Inclusion/Intruders/Mac-files.txt -------------------------------------------------------------------------------- /File Inclusion/Intruders/Traversal.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/File Inclusion/Intruders/Traversal.txt -------------------------------------------------------------------------------- /File Inclusion/Intruders/Web-files.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/File Inclusion/Intruders/Web-files.txt -------------------------------------------------------------------------------- /File Inclusion/Intruders/Windows-files.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/File Inclusion/Intruders/Windows-files.txt -------------------------------------------------------------------------------- /File Inclusion/Intruders/dot-slash-PathTraversal_and_LFI_pairing.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/File Inclusion/Intruders/dot-slash-PathTraversal_and_LFI_pairing.txt -------------------------------------------------------------------------------- /File Inclusion/Intruders/simple-check.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/File Inclusion/Intruders/simple-check.txt -------------------------------------------------------------------------------- /File Inclusion/LFI2RCE.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/File Inclusion/LFI2RCE.py -------------------------------------------------------------------------------- /File Inclusion/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/File Inclusion/README.md -------------------------------------------------------------------------------- /File Inclusion/phpinfolfi.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/File Inclusion/phpinfolfi.py -------------------------------------------------------------------------------- /File Inclusion/uploadlfi.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/File Inclusion/uploadlfi.py -------------------------------------------------------------------------------- /GraphQL Injection/Images/htb-help.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/GraphQL Injection/Images/htb-help.png -------------------------------------------------------------------------------- /GraphQL Injection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/GraphQL Injection/README.md -------------------------------------------------------------------------------- /HTTP Parameter Pollution/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/HTTP Parameter Pollution/README.md -------------------------------------------------------------------------------- /Insecure Deserialization/DotNET.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Insecure Deserialization/DotNET.md -------------------------------------------------------------------------------- /Insecure Deserialization/Files/Ruby_universal_gadget_generate_verify.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Insecure Deserialization/Files/Ruby_universal_gadget_generate_verify.rb -------------------------------------------------------------------------------- /Insecure Deserialization/Files/node-serialize.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Insecure Deserialization/Files/node-serialize.js -------------------------------------------------------------------------------- /Insecure Deserialization/Files/ruby-serialize.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Insecure Deserialization/Files/ruby-serialize.yaml -------------------------------------------------------------------------------- /Insecure Deserialization/Images/NETNativeFormatters.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Insecure Deserialization/Images/NETNativeFormatters.png -------------------------------------------------------------------------------- /Insecure Deserialization/Java.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Insecure Deserialization/Java.md -------------------------------------------------------------------------------- /Insecure Deserialization/Node.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Insecure Deserialization/Node.md -------------------------------------------------------------------------------- /Insecure Deserialization/PHP.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Insecure Deserialization/PHP.md -------------------------------------------------------------------------------- /Insecure Deserialization/Python.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Insecure Deserialization/Python.md -------------------------------------------------------------------------------- /Insecure Deserialization/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Insecure Deserialization/README.md -------------------------------------------------------------------------------- /Insecure Deserialization/Ruby.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Insecure Deserialization/Ruby.md -------------------------------------------------------------------------------- /Insecure Deserialization/YAML.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Insecure Deserialization/YAML.md -------------------------------------------------------------------------------- /Insecure Direct Object References/Images/idor.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Insecure Direct Object References/Images/idor.png -------------------------------------------------------------------------------- /Insecure Direct Object References/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Insecure Direct Object References/README.md -------------------------------------------------------------------------------- /Insecure Management Interface/Intruder/springboot_actuator.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Insecure Management Interface/Intruder/springboot_actuator.txt -------------------------------------------------------------------------------- /Insecure Management Interface/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Insecure Management Interface/README.md -------------------------------------------------------------------------------- /Insecure Randomness/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Insecure Randomness/README.md -------------------------------------------------------------------------------- /Insecure Source Code Management/Files/github-dorks.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Insecure Source Code Management/Files/github-dorks.txt -------------------------------------------------------------------------------- /Insecure Source Code Management/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Insecure Source Code Management/README.md -------------------------------------------------------------------------------- /JSON Web Token/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/JSON Web Token/README.md -------------------------------------------------------------------------------- /Java RMI/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Java RMI/README.md -------------------------------------------------------------------------------- /Kubernetes/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Kubernetes/README.md -------------------------------------------------------------------------------- /LDAP Injection/Intruder/LDAP_FUZZ.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/LDAP Injection/Intruder/LDAP_FUZZ.txt -------------------------------------------------------------------------------- /LDAP Injection/Intruder/LDAP_attributes.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/LDAP Injection/Intruder/LDAP_attributes.txt -------------------------------------------------------------------------------- /LDAP Injection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/LDAP Injection/README.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/LICENSE -------------------------------------------------------------------------------- /LaTeX Injection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/LaTeX Injection/README.md -------------------------------------------------------------------------------- /Mass Assignment/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Mass Assignment/README.md -------------------------------------------------------------------------------- /Methodology and Resources/Active Directory Attack.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Active Directory Attack.md -------------------------------------------------------------------------------- /Methodology and Resources/Bind Shell Cheatsheet.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Bind Shell Cheatsheet.md -------------------------------------------------------------------------------- /Methodology and Resources/Cloud - AWS Pentest.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Cloud - AWS Pentest.md -------------------------------------------------------------------------------- /Methodology and Resources/Cloud - Azure Pentest.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Cloud - Azure Pentest.md -------------------------------------------------------------------------------- /Methodology and Resources/Cobalt Strike - Cheatsheet.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Cobalt Strike - Cheatsheet.md -------------------------------------------------------------------------------- /Methodology and Resources/Container - Docker Pentest.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Container - Docker Pentest.md -------------------------------------------------------------------------------- /Methodology and Resources/Container - Kubernetes Pentest.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Container - Kubernetes Pentest.md -------------------------------------------------------------------------------- /Methodology and Resources/Escape Breakout.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Escape Breakout.md -------------------------------------------------------------------------------- /Methodology and Resources/HTML Smuggling.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/HTML Smuggling.md -------------------------------------------------------------------------------- /Methodology and Resources/Hash Cracking.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Hash Cracking.md -------------------------------------------------------------------------------- /Methodology and Resources/Linux - Evasion.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Linux - Evasion.md -------------------------------------------------------------------------------- /Methodology and Resources/Linux - Persistence.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Linux - Persistence.md -------------------------------------------------------------------------------- /Methodology and Resources/Linux - Privilege Escalation.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Linux - Privilege Escalation.md -------------------------------------------------------------------------------- /Methodology and Resources/MSSQL Server - Cheatsheet.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/MSSQL Server - Cheatsheet.md -------------------------------------------------------------------------------- /Methodology and Resources/Metasploit - Cheatsheet.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Metasploit - Cheatsheet.md -------------------------------------------------------------------------------- /Methodology and Resources/Methodology and enumeration.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Methodology and enumeration.md -------------------------------------------------------------------------------- /Methodology and Resources/Miscellaneous - Tricks.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Miscellaneous - Tricks.md -------------------------------------------------------------------------------- /Methodology and Resources/Network Discovery.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Network Discovery.md -------------------------------------------------------------------------------- /Methodology and Resources/Network Pivoting Techniques.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Network Pivoting Techniques.md -------------------------------------------------------------------------------- /Methodology and Resources/Office - Attacks.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Office - Attacks.md -------------------------------------------------------------------------------- /Methodology and Resources/Powershell - Cheatsheet.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Powershell - Cheatsheet.md -------------------------------------------------------------------------------- /Methodology and Resources/Reverse Shell Cheatsheet.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Reverse Shell Cheatsheet.md -------------------------------------------------------------------------------- /Methodology and Resources/Source Code Management.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Source Code Management.md -------------------------------------------------------------------------------- /Methodology and Resources/Subdomains Enumeration.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Subdomains Enumeration.md -------------------------------------------------------------------------------- /Methodology and Resources/Windows - AMSI Bypass.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Windows - AMSI Bypass.md -------------------------------------------------------------------------------- /Methodology and Resources/Windows - DPAPI.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Windows - DPAPI.md -------------------------------------------------------------------------------- /Methodology and Resources/Windows - Defenses.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Windows - Defenses.md -------------------------------------------------------------------------------- /Methodology and Resources/Windows - Download and Execute.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Windows - Download and Execute.md -------------------------------------------------------------------------------- /Methodology and Resources/Windows - Mimikatz.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Windows - Mimikatz.md -------------------------------------------------------------------------------- /Methodology and Resources/Windows - Persistence.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Windows - Persistence.md -------------------------------------------------------------------------------- /Methodology and Resources/Windows - Privilege Escalation.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Windows - Privilege Escalation.md -------------------------------------------------------------------------------- /Methodology and Resources/Windows - Using credentials.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Methodology and Resources/Windows - Using credentials.md -------------------------------------------------------------------------------- /NoSQL Injection/Intruder/NoSQL.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/NoSQL Injection/Intruder/NoSQL.txt -------------------------------------------------------------------------------- /NoSQL Injection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/NoSQL Injection/README.md -------------------------------------------------------------------------------- /OAuth Misconfiguration/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/OAuth Misconfiguration/README.md -------------------------------------------------------------------------------- /Open Redirect/Intruder/Open-Redirect-payloads.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Open Redirect/Intruder/Open-Redirect-payloads.txt -------------------------------------------------------------------------------- /Open Redirect/Intruder/open_redirect_wordlist.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Open Redirect/Intruder/open_redirect_wordlist.txt -------------------------------------------------------------------------------- /Open Redirect/Intruder/openredirects.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Open Redirect/Intruder/openredirects.txt -------------------------------------------------------------------------------- /Open Redirect/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Open Redirect/README.md -------------------------------------------------------------------------------- /Prompt Injection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Prompt Injection/README.md -------------------------------------------------------------------------------- /Prototype Pollution/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Prototype Pollution/README.md -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/README.md -------------------------------------------------------------------------------- /Race Condition/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Race Condition/README.md -------------------------------------------------------------------------------- /Request Smuggling/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Request Smuggling/README.md -------------------------------------------------------------------------------- /SAML Injection/Images/SAML-xml-flaw.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SAML Injection/Images/SAML-xml-flaw.png -------------------------------------------------------------------------------- /SAML Injection/Images/XSLT1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SAML Injection/Images/XSLT1.jpg -------------------------------------------------------------------------------- /SAML Injection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SAML Injection/README.md -------------------------------------------------------------------------------- /SQL Injection/BigQuery Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/BigQuery Injection.md -------------------------------------------------------------------------------- /SQL Injection/Cassandra Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/Cassandra Injection.md -------------------------------------------------------------------------------- /SQL Injection/DB2 Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/DB2 Injection.md -------------------------------------------------------------------------------- /SQL Injection/HQL Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/HQL Injection.md -------------------------------------------------------------------------------- /SQL Injection/Images/PostgreSQL_cmd_exec.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/Images/PostgreSQL_cmd_exec.png -------------------------------------------------------------------------------- /SQL Injection/Images/Unicode_SQL_injection.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/Images/Unicode_SQL_injection.png -------------------------------------------------------------------------------- /SQL Injection/Images/wildcard_underscore.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/Images/wildcard_underscore.jpg -------------------------------------------------------------------------------- /SQL Injection/Intruder/Auth_Bypass.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/Intruder/Auth_Bypass.txt -------------------------------------------------------------------------------- /SQL Injection/Intruder/Auth_Bypass2.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/Intruder/Auth_Bypass2.txt -------------------------------------------------------------------------------- /SQL Injection/Intruder/FUZZDB_MSSQL-WHERE_Time.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/Intruder/FUZZDB_MSSQL-WHERE_Time.txt -------------------------------------------------------------------------------- /SQL Injection/Intruder/FUZZDB_MSSQL.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/Intruder/FUZZDB_MSSQL.txt -------------------------------------------------------------------------------- /SQL Injection/Intruder/FUZZDB_MSSQL_Enumeration.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/Intruder/FUZZDB_MSSQL_Enumeration.txt -------------------------------------------------------------------------------- /SQL Injection/Intruder/FUZZDB_MYSQL.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/Intruder/FUZZDB_MYSQL.txt -------------------------------------------------------------------------------- /SQL Injection/Intruder/FUZZDB_MySQL-WHERE_Time.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/Intruder/FUZZDB_MySQL-WHERE_Time.txt -------------------------------------------------------------------------------- /SQL Injection/Intruder/FUZZDB_MySQL_ReadLocalFiles.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/Intruder/FUZZDB_MySQL_ReadLocalFiles.txt -------------------------------------------------------------------------------- /SQL Injection/Intruder/FUZZDB_Oracle.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/Intruder/FUZZDB_Oracle.txt -------------------------------------------------------------------------------- /SQL Injection/Intruder/FUZZDB_Postgres_Enumeration.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/Intruder/FUZZDB_Postgres_Enumeration.txt -------------------------------------------------------------------------------- /SQL Injection/Intruder/Generic_ErrorBased.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/Intruder/Generic_ErrorBased.txt -------------------------------------------------------------------------------- /SQL Injection/Intruder/Generic_Fuzz.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/Intruder/Generic_Fuzz.txt -------------------------------------------------------------------------------- /SQL Injection/Intruder/Generic_TimeBased.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/Intruder/Generic_TimeBased.txt -------------------------------------------------------------------------------- /SQL Injection/Intruder/Generic_UnionSelect.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/Intruder/Generic_UnionSelect.txt -------------------------------------------------------------------------------- /SQL Injection/Intruder/SQL-Injection: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/Intruder/SQL-Injection -------------------------------------------------------------------------------- /SQL Injection/Intruder/SQLi_Polyglots.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/Intruder/SQLi_Polyglots.txt -------------------------------------------------------------------------------- /SQL Injection/Intruder/payloads-sql-blind-MSSQL-INSERT: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/Intruder/payloads-sql-blind-MSSQL-INSERT -------------------------------------------------------------------------------- /SQL Injection/Intruder/payloads-sql-blind-MSSQL-WHERE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/Intruder/payloads-sql-blind-MSSQL-WHERE -------------------------------------------------------------------------------- /SQL Injection/Intruder/payloads-sql-blind-MySQL-INSERT: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/Intruder/payloads-sql-blind-MySQL-INSERT -------------------------------------------------------------------------------- /SQL Injection/Intruder/payloads-sql-blind-MySQL-ORDER_BY: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/Intruder/payloads-sql-blind-MySQL-ORDER_BY -------------------------------------------------------------------------------- /SQL Injection/Intruder/payloads-sql-blind-MySQL-WHERE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/Intruder/payloads-sql-blind-MySQL-WHERE -------------------------------------------------------------------------------- /SQL Injection/MSSQL Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/MSSQL Injection.md -------------------------------------------------------------------------------- /SQL Injection/MySQL Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/MySQL Injection.md -------------------------------------------------------------------------------- /SQL Injection/OracleSQL Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/OracleSQL Injection.md -------------------------------------------------------------------------------- /SQL Injection/PostgreSQL Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/PostgreSQL Injection.md -------------------------------------------------------------------------------- /SQL Injection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/README.md -------------------------------------------------------------------------------- /SQL Injection/SQLite Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/SQL Injection/SQLite Injection.md -------------------------------------------------------------------------------- /Server Side Include Injection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Server Side Include Injection/README.md -------------------------------------------------------------------------------- /Server Side Request Forgery/Files/SSRF_expect.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Server Side Request Forgery/Files/SSRF_expect.svg -------------------------------------------------------------------------------- /Server Side Request Forgery/Files/SSRF_url.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Server Side Request Forgery/Files/SSRF_url.svg -------------------------------------------------------------------------------- /Server Side Request Forgery/Files/ip.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Server Side Request Forgery/Files/ip.py -------------------------------------------------------------------------------- /Server Side Request Forgery/Files/ssrf_ffmpeg.avi: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Server Side Request Forgery/Files/ssrf_ffmpeg.avi -------------------------------------------------------------------------------- /Server Side Request Forgery/Files/ssrf_iframe.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Server Side Request Forgery/Files/ssrf_iframe.svg -------------------------------------------------------------------------------- /Server Side Request Forgery/Files/ssrf_svg_css_import.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Server Side Request Forgery/Files/ssrf_svg_css_import.svg -------------------------------------------------------------------------------- /Server Side Request Forgery/Files/ssrf_svg_css_link.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Server Side Request Forgery/Files/ssrf_svg_css_link.svg -------------------------------------------------------------------------------- /Server Side Request Forgery/Files/ssrf_svg_css_xmlstylesheet.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Server Side Request Forgery/Files/ssrf_svg_css_xmlstylesheet.svg -------------------------------------------------------------------------------- /Server Side Request Forgery/Files/ssrf_svg_image.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Server Side Request Forgery/Files/ssrf_svg_image.svg -------------------------------------------------------------------------------- /Server Side Request Forgery/Files/ssrf_svg_use.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Server Side Request Forgery/Files/ssrf_svg_use.svg -------------------------------------------------------------------------------- /Server Side Request Forgery/Images/Parser and Curl less than 7.54.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Server Side Request Forgery/Images/Parser and Curl less than 7.54.png -------------------------------------------------------------------------------- /Server Side Request Forgery/Images/SSRF_PDF.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Server Side Request Forgery/Images/SSRF_PDF.png -------------------------------------------------------------------------------- /Server Side Request Forgery/Images/SSRF_Parser.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Server Side Request Forgery/Images/SSRF_Parser.png -------------------------------------------------------------------------------- /Server Side Request Forgery/Images/SSRF_stream.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Server Side Request Forgery/Images/SSRF_stream.png -------------------------------------------------------------------------------- /Server Side Request Forgery/Images/WeakParser.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Server Side Request Forgery/Images/WeakParser.jpg -------------------------------------------------------------------------------- /Server Side Request Forgery/Images/aws-cli.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Server Side Request Forgery/Images/aws-cli.jpg -------------------------------------------------------------------------------- /Server Side Request Forgery/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Server Side Request Forgery/README.md -------------------------------------------------------------------------------- /Server Side Template Injection/Images/serverside.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Server Side Template Injection/Images/serverside.png -------------------------------------------------------------------------------- /Server Side Template Injection/Intruder/ssti.fuzz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Server Side Template Injection/Intruder/ssti.fuzz -------------------------------------------------------------------------------- /Server Side Template Injection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Server Side Template Injection/README.md -------------------------------------------------------------------------------- /Tabnabbing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Tabnabbing/README.md -------------------------------------------------------------------------------- /Type Juggling/Images/table_representing_behavior_of_PHP_with_loose_type_comparisons.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Type Juggling/Images/table_representing_behavior_of_PHP_with_loose_type_comparisons.png -------------------------------------------------------------------------------- /Type Juggling/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Type Juggling/README.md -------------------------------------------------------------------------------- /Upload Insecure Files/CVE Ffmpeg HLS/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/CVE Ffmpeg HLS/README.md -------------------------------------------------------------------------------- /Upload Insecure Files/CVE Ffmpeg HLS/gen_avi_bypass.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/CVE Ffmpeg HLS/gen_avi_bypass.py -------------------------------------------------------------------------------- /Upload Insecure Files/CVE Ffmpeg HLS/gen_xbin_avi.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/CVE Ffmpeg HLS/gen_xbin_avi.py -------------------------------------------------------------------------------- /Upload Insecure Files/CVE Ffmpeg HLS/read_passwd.avi: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/CVE Ffmpeg HLS/read_passwd.avi -------------------------------------------------------------------------------- /Upload Insecure Files/CVE Ffmpeg HLS/read_passwd_bypass.mp4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/CVE Ffmpeg HLS/read_passwd_bypass.mp4 -------------------------------------------------------------------------------- /Upload Insecure Files/CVE Ffmpeg HLS/read_shadow.avi: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/CVE Ffmpeg HLS/read_shadow.avi -------------------------------------------------------------------------------- /Upload Insecure Files/CVE Ffmpeg HLS/read_shadow_bypass.mp4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/CVE Ffmpeg HLS/read_shadow_bypass.mp4 -------------------------------------------------------------------------------- /Upload Insecure Files/CVE ZIP Symbolic Link/etc_passwd.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/CVE ZIP Symbolic Link/etc_passwd.zip -------------------------------------------------------------------------------- /Upload Insecure Files/CVE ZIP Symbolic Link/generate.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/CVE ZIP Symbolic Link/generate.sh -------------------------------------------------------------------------------- /Upload Insecure Files/CVE ZIP Symbolic Link/passwd: -------------------------------------------------------------------------------- 1 | /etc/passwd -------------------------------------------------------------------------------- /Upload Insecure Files/Configuration Apache .htaccess/.htaccess: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Configuration Apache .htaccess/.htaccess -------------------------------------------------------------------------------- /Upload Insecure Files/Configuration Apache .htaccess/.htaccess_phpinfo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Configuration Apache .htaccess/.htaccess_phpinfo -------------------------------------------------------------------------------- /Upload Insecure Files/Configuration Apache .htaccess/.htaccess_rce_files: -------------------------------------------------------------------------------- 1 | AddType application/x-httpd-php .rce -------------------------------------------------------------------------------- /Upload Insecure Files/Configuration Apache .htaccess/.htaccess_shell: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Configuration Apache .htaccess/.htaccess_shell -------------------------------------------------------------------------------- /Upload Insecure Files/Configuration Apache .htaccess/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Configuration Apache .htaccess/README.md -------------------------------------------------------------------------------- /Upload Insecure Files/Configuration Busybox httpd.conf/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Configuration Busybox httpd.conf/README.md -------------------------------------------------------------------------------- /Upload Insecure Files/Configuration Busybox httpd.conf/httpd.conf: -------------------------------------------------------------------------------- 1 | *.sh:/bin/sh 2 | -------------------------------------------------------------------------------- /Upload Insecure Files/Configuration Busybox httpd.conf/shellymcshellface.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Configuration Busybox httpd.conf/shellymcshellface.sh -------------------------------------------------------------------------------- /Upload Insecure Files/Configuration IIS web.config/web.config: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Configuration IIS web.config/web.config -------------------------------------------------------------------------------- /Upload Insecure Files/Configuration Python __init__.py/python-admin-__init__.py.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Configuration Python __init__.py/python-admin-__init__.py.zip -------------------------------------------------------------------------------- /Upload Insecure Files/Configuration Python __init__.py/python-conf-__init__.py.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Configuration Python __init__.py/python-conf-__init__.py.zip -------------------------------------------------------------------------------- /Upload Insecure Files/Configuration Python __init__.py/python-config-__init__.py.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Configuration Python __init__.py/python-config-__init__.py.zip -------------------------------------------------------------------------------- /Upload Insecure Files/Configuration Python __init__.py/python-controllers-__init__.py.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Configuration Python __init__.py/python-controllers-__init__.py.zip -------------------------------------------------------------------------------- /Upload Insecure Files/Configuration Python __init__.py/python-generate-init.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Configuration Python __init__.py/python-generate-init.py -------------------------------------------------------------------------------- /Upload Insecure Files/Configuration Python __init__.py/python-login-__init__.py.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Configuration Python __init__.py/python-login-__init__.py.zip -------------------------------------------------------------------------------- /Upload Insecure Files/Configuration Python __init__.py/python-models-__init__.py.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Configuration Python __init__.py/python-models-__init__.py.zip -------------------------------------------------------------------------------- /Upload Insecure Files/Configuration Python __init__.py/python-modules-__init__.py.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Configuration Python __init__.py/python-modules-__init__.py.zip -------------------------------------------------------------------------------- /Upload Insecure Files/Configuration Python __init__.py/python-scripts-__init__.py.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Configuration Python __init__.py/python-scripts-__init__.py.zip -------------------------------------------------------------------------------- /Upload Insecure Files/Configuration Python __init__.py/python-settings-__init__.py.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Configuration Python __init__.py/python-settings-__init__.py.zip -------------------------------------------------------------------------------- /Upload Insecure Files/Configuration Python __init__.py/python-tests-__init__.py.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Configuration Python __init__.py/python-tests-__init__.py.zip -------------------------------------------------------------------------------- /Upload Insecure Files/Configuration Python __init__.py/python-urls-__init__.py.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Configuration Python __init__.py/python-urls-__init__.py.zip -------------------------------------------------------------------------------- /Upload Insecure Files/Configuration Python __init__.py/python-utils-__init__.py.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Configuration Python __init__.py/python-utils-__init__.py.zip -------------------------------------------------------------------------------- /Upload Insecure Files/Configuration Python __init__.py/python-view-__init__.py.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Configuration Python __init__.py/python-view-__init__.py.zip -------------------------------------------------------------------------------- /Upload Insecure Files/Configuration uwsgi.ini/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Configuration uwsgi.ini/README.md -------------------------------------------------------------------------------- /Upload Insecure Files/Configuration uwsgi.ini/uwsgi.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Configuration uwsgi.ini/uwsgi.ini -------------------------------------------------------------------------------- /Upload Insecure Files/EICAR/eicar.txt: -------------------------------------------------------------------------------- 1 | X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* 2 | -------------------------------------------------------------------------------- /Upload Insecure Files/Extension ASP/shell.asa: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Extension ASP/shell.asa -------------------------------------------------------------------------------- /Upload Insecure Files/Extension ASP/shell.ashx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Extension ASP/shell.ashx -------------------------------------------------------------------------------- /Upload Insecure Files/Extension ASP/shell.asmx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Extension ASP/shell.asmx -------------------------------------------------------------------------------- /Upload Insecure Files/Extension ASP/shell.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Extension ASP/shell.asp -------------------------------------------------------------------------------- /Upload Insecure Files/Extension ASP/shell.aspx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Extension ASP/shell.aspx -------------------------------------------------------------------------------- /Upload Insecure Files/Extension ASP/shell.cer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Extension ASP/shell.cer -------------------------------------------------------------------------------- /Upload Insecure Files/Extension ASP/shell.soap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Extension ASP/shell.soap -------------------------------------------------------------------------------- /Upload Insecure Files/Extension ASP/shell.xamlx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Extension ASP/shell.xamlx -------------------------------------------------------------------------------- /Upload Insecure Files/Extension Flash/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Extension Flash/README.md -------------------------------------------------------------------------------- /Upload Insecure Files/Extension Flash/xss.swf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Extension Flash/xss.swf -------------------------------------------------------------------------------- /Upload Insecure Files/Extension Flash/xssproject.swf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Extension Flash/xssproject.swf -------------------------------------------------------------------------------- /Upload Insecure Files/Extension HTML/xss.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Extension HTML/xss.html -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PDF JS/poc.js: -------------------------------------------------------------------------------- 1 | app.alert("XSS") -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PDF JS/poc.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Extension PDF JS/poc.py -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PDF JS/result.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Extension PDF JS/result.pdf -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/extensions.lst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Extension PHP/extensions.lst -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/phpinfo.jpg.php: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/phpinfo.phar: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/phpinfo.php: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/phpinfo.php3: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/phpinfo.php4: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/phpinfo.php5: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/phpinfo.php7: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/phpinfo.php8: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/phpinfo.phpt: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/phpinfo.pht: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/phpinfo.phtml: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/shell.gif^shell.php: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/shell.jpeg.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/shell.jpg.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/shell.jpg^shell.php: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/shell.pgif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Extension PHP/shell.pgif -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/shell.phar: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/shell.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/shell.php3: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/shell.php4: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/shell.php5: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/shell.php7: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/shell.phpt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/shell.pht: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/shell.phtml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/shell.png.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Upload Insecure Files/Extension PHP/shell.png^shell.php: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Upload Insecure Files/Images/file-upload-mindmap.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Images/file-upload-mindmap.png -------------------------------------------------------------------------------- /Upload Insecure Files/Jetty RCE/JettyShell.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Jetty RCE/JettyShell.xml -------------------------------------------------------------------------------- /Upload Insecure Files/Picture Compression/GIF_exploit.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture Compression/GIF_exploit.gif -------------------------------------------------------------------------------- /Upload Insecure Files/Picture Compression/JPG_exploit-55.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture Compression/JPG_exploit-55.jpg -------------------------------------------------------------------------------- /Upload Insecure Files/Picture Compression/PNG_110x110_resize_bypass_use_LFI.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture Compression/PNG_110x110_resize_bypass_use_LFI.png -------------------------------------------------------------------------------- /Upload Insecure Files/Picture Compression/PNG_32x32_resize_bypass_use_LFI.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture Compression/PNG_32x32_resize_bypass_use_LFI.png -------------------------------------------------------------------------------- /Upload Insecure Files/Picture Compression/createBulletproofJPG.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture Compression/createBulletproofJPG.py -------------------------------------------------------------------------------- /Upload Insecure Files/Picture Compression/createCompressedPNG_110x110.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture Compression/createCompressedPNG_110x110.php -------------------------------------------------------------------------------- /Upload Insecure Files/Picture Compression/createGIFwithGlobalColorTable.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture Compression/createGIFwithGlobalColorTable.php -------------------------------------------------------------------------------- /Upload Insecure Files/Picture Compression/createPNGwithPLTE.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture Compression/createPNGwithPLTE.php -------------------------------------------------------------------------------- /Upload Insecure Files/Picture ImageMagick/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture ImageMagick/README.md -------------------------------------------------------------------------------- /Upload Insecure Files/Picture ImageMagick/convert_local_etc_passwd.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture ImageMagick/convert_local_etc_passwd.svg -------------------------------------------------------------------------------- /Upload Insecure Files/Picture ImageMagick/convert_local_etc_passwd_html.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture ImageMagick/convert_local_etc_passwd_html.svg -------------------------------------------------------------------------------- /Upload Insecure Files/Picture ImageMagick/ghostscript_rce_curl.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture ImageMagick/ghostscript_rce_curl.jpg -------------------------------------------------------------------------------- /Upload Insecure Files/Picture ImageMagick/imagemagick_CVE-2022-44268_convert_etc_passwd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture ImageMagick/imagemagick_CVE-2022-44268_convert_etc_passwd.png -------------------------------------------------------------------------------- /Upload Insecure Files/Picture ImageMagick/imagemagick_ghostscript_cmd_exec.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture ImageMagick/imagemagick_ghostscript_cmd_exec.pdf -------------------------------------------------------------------------------- /Upload Insecure Files/Picture ImageMagick/imagemagik_ghostscript_reverse_shell.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture ImageMagick/imagemagik_ghostscript_reverse_shell.jpg -------------------------------------------------------------------------------- /Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_imageover_file_exfiltration_pangu_wrapper.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_imageover_file_exfiltration_pangu_wrapper.jpg -------------------------------------------------------------------------------- /Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_imageover_file_exfiltration_text_wrapper.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_imageover_file_exfiltration_text_wrapper.jpg -------------------------------------------------------------------------------- /Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_imageover_reverse_shell_devtcp.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_imageover_reverse_shell_devtcp.jpg -------------------------------------------------------------------------------- /Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_imageover_reverse_shell_netcat_fifo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_imageover_reverse_shell_netcat_fifo.png -------------------------------------------------------------------------------- /Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_imageover_wget.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_imageover_wget.gif -------------------------------------------------------------------------------- /Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_url_bind_shell_nc.mvg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_url_bind_shell_nc.mvg -------------------------------------------------------------------------------- /Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_url_curl.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_url_curl.png -------------------------------------------------------------------------------- /Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_url_portscan.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_url_portscan.jpg -------------------------------------------------------------------------------- /Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_url_remote_connection.mvg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_url_remote_connection.mvg -------------------------------------------------------------------------------- /Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_url_reverse_shell_bash.mvg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_url_reverse_shell_bash.mvg -------------------------------------------------------------------------------- /Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_url_touch.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_url_touch.jpg -------------------------------------------------------------------------------- /Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_xml_reverse_shell_nctraditional.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_xml_reverse_shell_nctraditional.xml -------------------------------------------------------------------------------- /Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_xml_reverse_shell_netcat_encoded.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture ImageMagick/imagetragik1_payload_xml_reverse_shell_netcat_encoded.xml -------------------------------------------------------------------------------- /Upload Insecure Files/Picture ImageMagick/imagetragik2_burpcollaborator_passwd.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture ImageMagick/imagetragik2_burpcollaborator_passwd.jpg -------------------------------------------------------------------------------- /Upload Insecure Files/Picture ImageMagick/imagetragik2_centos_id.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture ImageMagick/imagetragik2_centos_id.jpg -------------------------------------------------------------------------------- /Upload Insecure Files/Picture ImageMagick/imagetragik2_ubuntu_id.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture ImageMagick/imagetragik2_ubuntu_id.jpg -------------------------------------------------------------------------------- /Upload Insecure Files/Picture ImageMagick/imagetragik2_ubuntu_shell.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture ImageMagick/imagetragik2_ubuntu_shell.jpg -------------------------------------------------------------------------------- /Upload Insecure Files/Picture ImageMagick/imagetragik2_ubuntu_shell2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture ImageMagick/imagetragik2_ubuntu_shell2.jpg -------------------------------------------------------------------------------- /Upload Insecure Files/Picture Metadata/Build_image_to_LFI.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture Metadata/Build_image_to_LFI.py -------------------------------------------------------------------------------- /Upload Insecure Files/Picture Metadata/CVE-2021-22204_exiftool_echo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture Metadata/CVE-2021-22204_exiftool_echo.jpg -------------------------------------------------------------------------------- /Upload Insecure Files/Picture Metadata/CVE-2021-22204_exiftool_revshell.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture Metadata/CVE-2021-22204_exiftool_revshell.jpg -------------------------------------------------------------------------------- /Upload Insecure Files/Picture Metadata/PHP_exif_phpinfo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture Metadata/PHP_exif_phpinfo.jpg -------------------------------------------------------------------------------- /Upload Insecure Files/Picture Metadata/PHP_exif_system.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture Metadata/PHP_exif_system.gif -------------------------------------------------------------------------------- /Upload Insecure Files/Picture Metadata/PHP_exif_system.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture Metadata/PHP_exif_system.jpg -------------------------------------------------------------------------------- /Upload Insecure Files/Picture Metadata/PHP_exif_system.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Picture Metadata/PHP_exif_system.png -------------------------------------------------------------------------------- /Upload Insecure Files/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/README.md -------------------------------------------------------------------------------- /Upload Insecure Files/Server Side Include/exec.shtml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Upload Insecure Files/Server Side Include/include.shtml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Upload Insecure Files/Server Side Include/index.stm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Server Side Include/index.stm -------------------------------------------------------------------------------- /Upload Insecure Files/Zip Slip/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Upload Insecure Files/Zip Slip/README.md -------------------------------------------------------------------------------- /Web Cache Deception/Intruders/param_miner_lowercase_headers.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Web Cache Deception/Intruders/param_miner_lowercase_headers.txt -------------------------------------------------------------------------------- /Web Cache Deception/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Web Cache Deception/README.md -------------------------------------------------------------------------------- /Web Sockets/Files/ws-harness.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Web Sockets/Files/ws-harness.py -------------------------------------------------------------------------------- /Web Sockets/Images/WebsocketHarness.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Web Sockets/Images/WebsocketHarness.jpg -------------------------------------------------------------------------------- /Web Sockets/Images/sqlmap.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Web Sockets/Images/sqlmap.png -------------------------------------------------------------------------------- /Web Sockets/Images/websocket-harness-start.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Web Sockets/Images/websocket-harness-start.png -------------------------------------------------------------------------------- /Web Sockets/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/Web Sockets/README.md -------------------------------------------------------------------------------- /XPATH Injection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XPATH Injection/README.md -------------------------------------------------------------------------------- /XSLT Injection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSLT Injection/README.md -------------------------------------------------------------------------------- /XSS Injection/Files/InsecureFlashFile.swf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/InsecureFlashFile.swf -------------------------------------------------------------------------------- /XSS Injection/Files/JupyterNotebookXSS.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/JupyterNotebookXSS.ipynb -------------------------------------------------------------------------------- /XSS Injection/Files/SVG_XSS.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/SVG_XSS.svg -------------------------------------------------------------------------------- /XSS Injection/Files/SVG_XSS1.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/SVG_XSS1.svg -------------------------------------------------------------------------------- /XSS Injection/Files/SVG_XSS2.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/SVG_XSS2.svg -------------------------------------------------------------------------------- /XSS Injection/Files/SVG_XSS3.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/SVG_XSS3.svg -------------------------------------------------------------------------------- /XSS Injection/Files/SWF_XSS.swf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/SWF_XSS.swf -------------------------------------------------------------------------------- /XSS Injection/Files/mouseover-xss-ecs.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/mouseover-xss-ecs.jpeg -------------------------------------------------------------------------------- /XSS Injection/Files/onclick-xss-ecs.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/onclick-xss-ecs.jpeg -------------------------------------------------------------------------------- /XSS Injection/Files/payload_in_all_known_exif_corrupted.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/payload_in_all_known_exif_corrupted.jpg -------------------------------------------------------------------------------- /XSS Injection/Files/payload_in_all_known_exif_corrupted.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/payload_in_all_known_exif_corrupted.png -------------------------------------------------------------------------------- /XSS Injection/Files/payload_in_all_known_metadata.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/payload_in_all_known_metadata.jpg -------------------------------------------------------------------------------- /XSS Injection/Files/payload_in_all_known_metadata.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/payload_in_all_known_metadata.png -------------------------------------------------------------------------------- /XSS Injection/Files/payload_text_xss.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/payload_text_xss.png -------------------------------------------------------------------------------- /XSS Injection/Files/xml.xsd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/xml.xsd -------------------------------------------------------------------------------- /XSS Injection/Files/xss.cer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/xss.cer -------------------------------------------------------------------------------- /XSS Injection/Files/xss.dtd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/xss.dtd -------------------------------------------------------------------------------- /XSS Injection/Files/xss.htm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/xss.htm -------------------------------------------------------------------------------- /XSS Injection/Files/xss.html.demo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/xss.html.demo -------------------------------------------------------------------------------- /XSS Injection/Files/xss.hxt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/xss.hxt -------------------------------------------------------------------------------- /XSS Injection/Files/xss.mno: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/xss.mno -------------------------------------------------------------------------------- /XSS Injection/Files/xss.rdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/xss.rdf -------------------------------------------------------------------------------- /XSS Injection/Files/xss.svgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/xss.svgz -------------------------------------------------------------------------------- /XSS Injection/Files/xss.url.url: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/xss.url.url -------------------------------------------------------------------------------- /XSS Injection/Files/xss.vml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/xss.vml -------------------------------------------------------------------------------- /XSS Injection/Files/xss.wsdl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/xss.wsdl -------------------------------------------------------------------------------- /XSS Injection/Files/xss.xht: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/xss.xht -------------------------------------------------------------------------------- /XSS Injection/Files/xss.xhtml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/xss.xhtml -------------------------------------------------------------------------------- /XSS Injection/Files/xss.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/xss.xml -------------------------------------------------------------------------------- /XSS Injection/Files/xss.xsd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/xss.xsd -------------------------------------------------------------------------------- /XSS Injection/Files/xss.xsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/xss.xsf -------------------------------------------------------------------------------- /XSS Injection/Files/xss.xsl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/xss.xsl -------------------------------------------------------------------------------- /XSS Injection/Files/xss.xslt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/xss.xslt -------------------------------------------------------------------------------- /XSS Injection/Files/xss_comment_exif_metadata_double_quote.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/xss_comment_exif_metadata_double_quote.png -------------------------------------------------------------------------------- /XSS Injection/Files/xss_comment_exif_metadata_single_quote.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Files/xss_comment_exif_metadata_single_quote.png -------------------------------------------------------------------------------- /XSS Injection/Images/DwrkbH1VAAErOI2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Images/DwrkbH1VAAErOI2.jpg -------------------------------------------------------------------------------- /XSS Injection/Intruders/0xcela_event_handlers.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Intruders/0xcela_event_handlers.txt -------------------------------------------------------------------------------- /XSS Injection/Intruders/BRUTELOGIC-XSS-JS.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Intruders/BRUTELOGIC-XSS-JS.txt -------------------------------------------------------------------------------- /XSS Injection/Intruders/BRUTELOGIC-XSS-STRINGS.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Intruders/BRUTELOGIC-XSS-STRINGS.txt -------------------------------------------------------------------------------- /XSS Injection/Intruders/IntrudersXSS.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Intruders/IntrudersXSS.txt -------------------------------------------------------------------------------- /XSS Injection/Intruders/JHADDIX_XSS.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Intruders/JHADDIX_XSS.txt -------------------------------------------------------------------------------- /XSS Injection/Intruders/MarioXSSVectors.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Intruders/MarioXSSVectors.txt -------------------------------------------------------------------------------- /XSS Injection/Intruders/RSNAKE_XSS.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Intruders/RSNAKE_XSS.txt -------------------------------------------------------------------------------- /XSS Injection/Intruders/XSSDetection.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Intruders/XSSDetection.txt -------------------------------------------------------------------------------- /XSS Injection/Intruders/XSS_Polyglots.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Intruders/XSS_Polyglots.txt -------------------------------------------------------------------------------- /XSS Injection/Intruders/jsonp_endpoint.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Intruders/jsonp_endpoint.txt -------------------------------------------------------------------------------- /XSS Injection/Intruders/xss_alert.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Intruders/xss_alert.txt -------------------------------------------------------------------------------- /XSS Injection/Intruders/xss_payloads_quick.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Intruders/xss_payloads_quick.txt -------------------------------------------------------------------------------- /XSS Injection/Intruders/xss_swf_fuzz.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/Intruders/xss_swf_fuzz.txt -------------------------------------------------------------------------------- /XSS Injection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/README.md -------------------------------------------------------------------------------- /XSS Injection/XSS in Angular.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/XSS in Angular.md -------------------------------------------------------------------------------- /XSS Injection/XSS with Relative Path Overwrite.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XSS Injection/XSS with Relative Path Overwrite.md -------------------------------------------------------------------------------- /XXE Injection/Files/Classic XXE - etc passwd.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XXE Injection/Files/Classic XXE - etc passwd.xml -------------------------------------------------------------------------------- /XXE Injection/Files/Classic XXE B64 Encoded.xml: -------------------------------------------------------------------------------- 1 | %init; ]> 2 | -------------------------------------------------------------------------------- /XXE Injection/Files/Classic XXE.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XXE Injection/Files/Classic XXE.xml -------------------------------------------------------------------------------- /XXE Injection/Files/Deny Of Service - Billion Laugh Attack: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XXE Injection/Files/Deny Of Service - Billion Laugh Attack -------------------------------------------------------------------------------- /XXE Injection/Files/XXE OOB Attack (Yunusov, 2013).xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XXE Injection/Files/XXE OOB Attack (Yunusov, 2013).xml -------------------------------------------------------------------------------- /XXE Injection/Files/XXE PHP Wrapper.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XXE Injection/Files/XXE PHP Wrapper.xml -------------------------------------------------------------------------------- /XXE Injection/Intruders/XXE_Fuzzing.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XXE Injection/Intruders/XXE_Fuzzing.txt -------------------------------------------------------------------------------- /XXE Injection/Intruders/xml-attacks.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XXE Injection/Intruders/xml-attacks.txt -------------------------------------------------------------------------------- /XXE Injection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/XXE Injection/README.md -------------------------------------------------------------------------------- /_LEARNING_AND_SOCIALS/BOOKS.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/_LEARNING_AND_SOCIALS/BOOKS.md -------------------------------------------------------------------------------- /_LEARNING_AND_SOCIALS/TWITTER.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/_LEARNING_AND_SOCIALS/TWITTER.md -------------------------------------------------------------------------------- /_LEARNING_AND_SOCIALS/YOUTUBE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/_LEARNING_AND_SOCIALS/YOUTUBE.md -------------------------------------------------------------------------------- /_template_vuln/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/_template_vuln/README.md -------------------------------------------------------------------------------- /custom.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/custom.css -------------------------------------------------------------------------------- /mkdocs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucthienphong1120/PayloadsAllTheThings/HEAD/mkdocs.yml --------------------------------------------------------------------------------