shreyaschavhan/payloads

A list of useful payloads and bypass for Web Application Security

Payloads

Description: A list of useful payloads to be used during Web Application Security Testing and Bug Bounty Hunting.

Contents

• File Path Traversal Cheatsheet
• SQL Injection Cheatsheet
• OS Command Injection (RCE)
• Turbo Intruder
• Burp Suite Collaborator
• XXE Injection
• Sushi Wushi - Bug Bounty Dorks - https://github.com/sushiwushi/bug-bounty-dorks/

Useful Links - Blogs/Posts/Videos:

• Cracking the lens - targeting HTTP's hidden attack-surface: https://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface#aux
• A new era of SSRF: https://www.youtube.com/watch?v=D1S-G8rJrEk
• Top 10 Web Hacking Techniques of 2017: https://portswigger.net/research/top-10-web-hacking-techniques-of-2017
• Top 10 Web Hacking Techniques of 2018: https://portswigger.net/research/top-10-web-hacking-techniques-of-2018
• Out-of-band application security testing (OAST): https://portswigger.net/burp/application-security-testing/oast
• Cracking the lens - Remote client exploits: https://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface#remoteclient
• How I hacked Fackbook - Two account take over and Internal SSRF
  • Part I - https://infosecwriteups.com/how-i-hacked-facebook-part-one-282bbb125a5d
  • Part II - https://infosecwriteups.com/how-i-hacked-facebook-part-two-ffab96d57b19
• HTML to PDF converter bug leads to RCE in Facebook server - https://ysamm.com/?p=280
• Increasing XSS impact using XSScope - https://infosecwriteups.com/increasing-xss-impact-using-xsscope-879669e6ba78
• GitHub - RCE via git option injection (almost) - $20,000 Bounty: https://devcraft.io/2020/10/18/github-rce-git-inject.html