PayloadsAllTheThings

https://github.com/swisskyrepo/PayloadsAllTheThings

A list of useful payloads and bypasses for Web Application Security and Pentest/CTF

  • Account Takeover

  • API Key Leaks

  • Argument Injection

  • Business Logic Errors

  • CICD

  • Clickjacking

  • Client Side Path Traversal

  • Command Injection

  • CORS Misconfiguration

  • CRLF Injection

  • Cross-Site Request Forgery

  • CSV Injection

  • custom.css

  • CVE Exploits

  • Dependency Confusion

  • Directory Traversal

  • DNS Rebinding

  • DOM Clobbering

  • File Inclusion

  • Google Web Toolkit

  • GraphQL Injection

  • Headless Browser

  • Hidden Parameters

  • HTTP Parameter Pollution

  • Insecure Deserialization

  • Insecure Direct Object References

  • Insecure Management Interface

  • Insecure Randomness

  • Insecure Source Code Management

  • Java RMI

  • JSON Web Token

  • LaTeX Injection

  • LDAP Injection

  • Mass Assignment

  • Methodology and Resources

  • NoSQL Injection

  • OAuth Misconfiguration

  • Open Redirect

  • ORM Leak

  • Prompt Injection

  • Prototype Pollution

  • Race Condition

  • Regular Expression

  • Request Smuggling

  • SAML Injection

  • Server Side Include Injection

  • Server Side Request Forgery

  • Server Side Template Injection

  • SQL Injection

  • Tabnabbing

  • Type Juggling

  • Upload Insecure Files

  • Web Cache Deception

  • Web Sockets

  • XPATH Injection

  • XSLT Injection

  • XSS Injection

  • XXE Injection
