Payloadsallthethings
swisskyrepo/payloadsallthethings
1 version
142 pages (4.2)
4 aliases
MFA Bypasses
2FA Bypasses
Response Manipulation
Status Code Manipulation
2FA Code Leakage in Response
+12 more
github.com/swisskyrepo/PayloadsAllTheThings/blo...
3.4 KB
Full page
Account Takeover
Password Reset Feature
Password Reset Token Leak via Referrer
Account Takeover Through Password Reset Poisoning
Password Reset via Email Parameter
+11 more
github.com/swisskyrepo/PayloadsAllTheThings/blo...
7.1 KB
Full page
IIS Machine Keys
Viewstate Format
Machine Key Format And Locations
Identify Known Machine Key
Decode ViewState
+6 more
github.com/swisskyrepo/PayloadsAllTheThings/blo...
11.9 KB
Full page
API Key and Token Leaks
Tools
Methodology
Common Causes of Leaks
Validate The API Key
+2 more
github.com/swisskyrepo/PayloadsAllTheThings/blo...
5.6 KB
Full page
Brute Force & Rate Limit
Tools
Bruteforce
Burp Suite Intruder
FFUF
+6 more
github.com/swisskyrepo/PayloadsAllTheThings/blo...
5.8 KB
Full page
Business Logic Errors
Methodology
Review Feature Testing
Discount Code Feature Testing
Delivery Fee Manipulation
+7 more
github.com/swisskyrepo/PayloadsAllTheThings/blo...
6.1 KB
Full page
Clickjacking
Tools
Methodology
UI Redressing
Invisible Frames
+13 more
github.com/swisskyrepo/PayloadsAllTheThings/blo...
12.7 KB
Full page
Client Side Path Traversal
Tools
Methodology
CSPT to XSS
CSPT to CSRF
+2 more
github.com/swisskyrepo/PayloadsAllTheThings/blo...
5.7 KB
Full page
Command Injection
Tools
Methodology
Basic Commands
Chaining Commands
+29 more
github.com/swisskyrepo/PayloadsAllTheThings/blo...
16.3 KB
Full page
CORS Misconfiguration
Tools
Requirements
Methodology
Origin Reflection
+16 more
github.com/swisskyrepo/PayloadsAllTheThings/blo...
9.8 KB
Full page
Carriage Return Line Feed
Methodology
Session Fixation
Cross Site Scripting
Open Redirect
+3 more
github.com/swisskyrepo/PayloadsAllTheThings/blo...
5.5 KB
Full page
Cross-Site Request Forgery
Tools
Methodology
HTML GET - Requiring User Interaction
HTML GET - No User Interaction
+8 more
github.com/swisskyrepo/PayloadsAllTheThings/blo...
8.5 KB
Full page
CSS Injection
Tools
Methodology
CSS Selectors
Exfiltration via Background Image
+9 more
github.com/swisskyrepo/PayloadsAllTheThings/blo...
10.2 KB
Full page
CSV Injection
Methodology
Google Sheets
References
github.com/swisskyrepo/PayloadsAllTheThings/blo...
4.1 KB
Full page
CVE-2021-44228 Log4Shell
Vulnerable code
Payloads
Scanning
WAF Bypass
+4 more
github.com/swisskyrepo/PayloadsAllTheThings/blo...
4.6 KB
Full page
Common Vulnerabilities and Exposures
Tools
Big CVEs in the last 15 years
CVE-2017-0144 - EternalBlue
CVE-2017-5638 - Apache Struts 2
+6 more
github.com/swisskyrepo/PayloadsAllTheThings/blo...
5.8 KB
Full page
Denial of Service
Methodology
Locking Customer Accounts
File Limits on FileSystem
Memory Exhaustion - Technology Related
+1 more
github.com/swisskyrepo/PayloadsAllTheThings/blo...
4.6 KB
Full page
Dependency Confusion
Tools
Methodology
NPM Example
References
github.com/swisskyrepo/PayloadsAllTheThings/blo...
2.3 KB
Full page
Directory Traversal
Tools
Methodology
URL Encoding
Double URL Encoding
+15 more
github.com/swisskyrepo/PayloadsAllTheThings/blo...
12.6 KB
Full page
DISCLAIMER
github.com/swisskyrepo/PayloadsAllTheThings/blo...
1.0 KB
Full page
DNS Rebinding
Tools
Methodology
Protection Bypasses
0.0.0.0
+3 more
github.com/swisskyrepo/PayloadsAllTheThings/blo...
4.5 KB
Full page
DOM Clobbering
Tools
Methodology
Tricks
Labs
+1 more
github.com/swisskyrepo/PayloadsAllTheThings/blo...
4.8 KB
Full page
Encoding and Transformations
Unicode
Unicode Normalization
Punycode
Base64
+2 more
github.com/swisskyrepo/PayloadsAllTheThings/blo...
5.9 KB
Full page
External Variable Modification
Methodology
Overwriting Critical Variables
Poisoning File Inclusion
Global Variable Injection
+2 more
github.com/swisskyrepo/PayloadsAllTheThings/blo...
3.6 KB
Full page
LFI to RCE
LFI to RCE via /proc/*/fd
LFI to RCE via /proc/self/environ
LFI to RCE via iconv
LFI to RCE via upload
+13 more
github.com/swisskyrepo/PayloadsAllTheThings/blo...
11.4 KB
Full page
File Inclusion
Tools
Local File Inclusion
Null Byte
Double Encoding
+9 more
github.com/swisskyrepo/PayloadsAllTheThings/blo...
6.6 KB
Full page
Inclusion Using Wrappers
Wrapper php://filter
Wrapper data://
Wrapper expect://
Wrapper input://
+9 more
github.com/swisskyrepo/PayloadsAllTheThings/blo...
19.4 KB
Full page
Google Web Toolkit
Tools
Methodology
References
github.com/swisskyrepo/PayloadsAllTheThings/blo...
2.7 KB
Full page
GraphQL Injection
Tools
Enumeration
Common GraphQL Endpoints
Identify An Injection Point
+17 more
github.com/swisskyrepo/PayloadsAllTheThings/blo...
18.9 KB
Full page
Headless Browser
Headless Commands
Local File Read
Insecure Flags
PDF Rendering
+6 more
github.com/swisskyrepo/PayloadsAllTheThings/blo...
9.2 KB
Full page
1–30 of 142