# Charges utiles

## XSS

* <https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xss.md>
* <https://github.com/payloadbox/xss-payload-list>
* <https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/README.md>

## SQLi

* <https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/sqli.md>
* <https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/SQL%20Injection>

## SSRF

* <https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/ssrf.md>
* <https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery>

## CRLF

* <https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/crlf.md>
* <https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CRLF%20Injection>

## CSV

* <https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/csv-injection.md>
* <https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CSV%20Injection>

## Command Injection

* <https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection>

## Directory traversal

* <https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Directory%20Traversal>

## LFI

* <https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/lfi.md>
* <https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion>

## XXE

* <https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xxe.md>
* <https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XXE%20Injection>

## Open redirect

* <https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/open-redirect.md>

## RCE

* <https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/rce.md>

## Crypto

* <https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/crypto.md>

## Template

* <https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/template-injection.md>
* <https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Template%20Injection>

## XSLT

* <https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xslt.md>
* <https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSLT%20Injection>

## Content

* <https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/content-injection.md>

## LDAP

* <https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/LDAP%20Injection>

## NoSQLi

* <https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/NoSQL%20Injection>

## GraphQL

* <https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/GraphQL%20Injection>

## CSRF

* <https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CSRF%20Injection>

## IDOR

* <https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Insecure%20Direct%20Object%20References>

## ISCM

* <https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Insecure%20Source%20Code%20Management>

## LaTex

* <https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Insecure%20Source%20Code%20Management>

## OAuth

* <https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/OAuth>

## XPATH

* <https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XPATH%20Injection>

## CORS

* <https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/cors.md>
* <https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CORS%20Misconfiguration>