Name | Modified | Size | Downloads / Week |
---|---|---|---|
2025.1 - PayloadsAllTheThings - FERRETEDITOR source code.tar.gz | 2025-07-26 | 7.7 MB | |
2025.1 - PayloadsAllTheThings - FERRETEDITOR source code.zip | 2025-07-26 | 7.9 MB | |
README.md | 2025-07-26 | 3.4 kB | |
Totals: 3 Items | | 15.7 MB | 0 |
This update brings significant new content, including dedicated pages for new vulnerability classes, fresh exploitation techniques for existing topics, and numerous quality-of-life improvements across the knowledge base.
📚 New Vulnerability Pages
- External Variable Modification: Complete new section covering PHP `extract()` function vulnerabilities, variable pollution, and security implications
- Reverse Proxy Misconfigurations: Covering common Nginx misconfigurations.
🔄 Enhanced Sections
- Command Injection:
  - Added worstfit technique for argument injection
  - Enhanced with fullwidth character bypass methods
- CSV Injection:
  - New Google Sheets exploitation section
  - Added formulas like IMPORTXML, IMPORTRANGE for data exfiltration
  - Enhanced with remote resource access techniques
- File Inclusion:
  - New lightyear tool for blind file read primitives
  - Enhanced PHP filter exploitation techniques
- Headless Browser:
  - New CVE exploitation section
  - Enhanced debugging port security implications
  - Added insecure flags and PDF rendering attack vectors
- Java Deserialization:
  - Comprehensive JSON deserialization section (Jackson etc)
  - Enhanced with multiple attack vectors and exploitation techniques
- SQL Injection:
  - New PDO Prepared Statements section
🐛 Bug Fixes & Corrections
- Fixed numerous formatting inconsistencies
- Corrected broken internal links
- Updated deprecated tool references
- Standardized code block formatting
- Standardized bullet points and list formatting across all sections
- Automated markdown linting detection now runs on all pull requests and commits.
🌐 What's Changed
- csv injection: google sheets formulas by @noraj in https://github.com/swisskyrepo/PayloadsAllTheThings/pull/759
- Update YOUTUBE.md by @Tednoob17 in https://github.com/swisskyrepo/PayloadsAllTheThings/pull/765
- Add missing -r flag for xxe excel file rebuilding with zip command by @sehraramiz in https://github.com/swisskyrepo/PayloadsAllTheThings/pull/768
- Fix extra parentheses in MySQL Injection.md by @DoongPark in https://github.com/swisskyrepo/PayloadsAllTheThings/pull/769
- FIX broken link by @Diebbo in https://github.com/swisskyrepo/PayloadsAllTheThings/pull/772
- Add support for `||` (concatenation) operator in PostgreSQL for time based SQL injection by @florianamette in https://github.com/swisskyrepo/PayloadsAllTheThings/pull/779
- Update README.md by @stenzzor in https://github.com/swisskyrepo/PayloadsAllTheThings/pull/781
👌 New Contributors
- @Tednoob17 made their first contribution in https://github.com/swisskyrepo/PayloadsAllTheThings/pull/765
- @sehraramiz made their first contribution in https://github.com/swisskyrepo/PayloadsAllTheThings/pull/768
- @DoongPark made their first contribution in https://github.com/swisskyrepo/PayloadsAllTheThings/pull/769
- @Diebbo made their first contribution in https://github.com/swisskyrepo/PayloadsAllTheThings/pull/772
- @florianamette made their first contribution in https://github.com/swisskyrepo/PayloadsAllTheThings/pull/779
- @stenzzor made their first contribution in https://github.com/swisskyrepo/PayloadsAllTheThings/pull/781
Full Changelog: https://github.com/swisskyrepo/PayloadsAllTheThings/compare/4.1...4.2