Swissky
71dcfd5ca7
ADCS ESC7 Shell + Big Query SQL
2022-02-18 14:50:38 +01:00
Swissky
0b5c5acb87
ESC7 - Vulnerable Certificate Authority Access Control
2022-01-30 23:41:31 +01:00
astroicers
119ae90db6
Update MySQL Injection.md
...
fix line 426
2022-01-04 14:28:17 +08:00
Alex G
a568270b15
Add NAME_CONST for MySQL Error based injection
2021-12-16 12:11:25 +01:00
malet
4ab2649317
Fixing "RCE - Attach Database" Payload
...
The old payload doesn't work for many cases as the `php` in `<?php` is missing.
2021-12-14 19:54:41 +01:00
Brian Stadnicki
03427da534
SQLite Injection add extract database structure
2021-12-07 06:51:27 +00:00
Philippe Arteau
4169e5d603
informa4on_schema => information_schema
...
(Copy-paste error)
2021-10-31 23:33:58 -04:00
Philippe Arteau
6c5e790234
SQLi: Whitespace alternatives + WAF Bypass
2021-10-31 23:25:08 -04:00
jaxBCD
11dc7bc2c2
Update Oracle Sql injection.md add sql error
...
Add some error point oracle sql injection
2021-10-04 22:52:48 +07:00
Alvin Smith
335a5c42fb
Update MySQL Injection.md
2021-09-25 22:53:25 +12:00
sudoutopia
f18cb9b569
GROUP_CONCAT equivelent for MSSQL
2021-08-11 17:07:55 +02:00
Swissky
87be30d3b2
DB2 Injection + ADCS
2021-08-10 23:00:19 +02:00
Swissky
0443babe35
Relay + MSSQL Read File
2021-03-25 18:25:02 +01:00
Swissky
f6b9d63bf8
DCOM exploitation and MSSQL CLR
2021-03-24 22:26:23 +01:00
Karim Kanso
826130946c
Add a one line postgres file write
2021-01-30 14:17:35 +00:00
Swissky
4e17d6c2b3
Update PostgreSQL Injection.md
2021-01-24 18:43:58 +01:00
Swissky
cd6f5493b3
Update PostgreSQL Injection.md
2021-01-24 18:43:28 +01:00
Ayoma Wijethunga
4b8dab523e
Add PostgreSQL Check if Current User is Supperuser
2021-01-24 23:09:52 +05:30
marcan2020
3cf44386da
Remove unnecessary condition to extract columns
...
Since we retrieve only the rows with a specific table name `name ='table_name', the table name won't start with `sqlite_` .
Thus, we can remove the unnecessary condition.
2020-11-17 19:59:11 -05:00
Swissky
f9e2512080
Merge pull request #287 from beomsu317/master
...
Update SQL-Injection
2020-11-03 10:38:02 +01:00
Swissky
1137bfca8d
Remote Desktop Services Shadowing
2020-10-30 21:10:00 +01:00
Siddharth Reddy
2bdd23dc51
Update MySQL Injection.md
2020-10-29 17:03:22 +05:30
Vincent Gilles
0b90094002
Fix(Docs): Correcting typos on the repo
2020-10-17 22:52:35 +02:00
Siddharth Reddy
fdc44ce84e
Update Cassandra Injection.md
...
Broken link [Injection In Apache Cassandra – Part I - Rodolfo - EternalNoobs](https://eternalnoobs.com/injection-in-apache-cassandra-part-i/ )
2020-10-09 18:10:12 +05:30
Swissky
a8319b94ff
Merge pull request #259 from SiddTim/patch-1
...
Update Cassandra Injection.md
2020-10-09 10:31:58 +02:00
Siddharth Reddy
f284045ba6
Update MSSQL Injection.md
...
Broken link [Sqlinjectionwiki - MSSQL](http://www.sqlinjectionwiki.com/categories/1/mssql-sql-injection-cheat-sheet/ ) .
2020-10-09 12:53:21 +05:30
Siddharth Reddy
f66c53ee25
Update Cassandra Injection.md
...
Broken link [https://hack2learn.pw/cassandra/login.php ]
2020-10-09 12:45:28 +05:30
Swissky
a478356f43
MySQL Fast Exploitation using json_arrayagg()
2020-09-23 17:19:34 +02:00
Swissky
dd40ddd233
XSS summary subentries + GraphTCP
2020-07-12 14:44:33 +02:00
hloverflow
2e7b9db94b
Corrected Reference to 2009 paper
2020-07-12 13:21:18 +08:00
HLOverflow
37f66cc523
add to table of content
2020-07-12 13:17:43 +08:00
hloverflow
baadc6d3e9
contribute PostgreSQL bypass quotes technique
2020-07-12 13:14:26 +08:00
Swissky
d3f1bfa1ae
Merge pull request #209 from c14dd49h/patch-1
...
Update README.md
2020-07-11 10:50:04 +02:00
Swissky
5b1a79cb56
Docker device file breakout
2020-07-04 19:00:56 +02:00
Swissky
f86837ca8c
Fix #211
2020-06-24 12:10:41 +02:00
c14dd49h
5b47fc8ead
Update README.md
2020-05-27 18:53:37 +02:00
Swissky
4ca5e71c2f
Bind shell cheatsheet ( Fix #194 )
2020-05-24 14:09:46 +02:00
beomsu317
4c3cb6f530
Update SQL-Injection
2020-05-14 15:29:52 +09:00
Swissky
7f1c150edd
Mimikatz Summary
2020-05-10 16:17:10 +02:00
DoI
5aad5795d2
minor spelling fix
2020-05-05 15:15:50 +12:00
DoI
53db029d4e
Added additional info to the Postgres SQLi page
2020-05-05 15:10:44 +12:00
Swissky
da5dc1299e
MSSQL Trusted Link
2020-05-01 12:06:18 +02:00
Swissky
04899355ad
Magic Hashes + SQL fuzz
2020-04-26 21:43:42 +02:00
Swissky
eaac0e748e
Fix issue #185
2020-04-21 11:31:18 +02:00
Swissky
c8c4a6e8a9
Fix issue #185
2020-04-21 11:26:49 +02:00
fuxsocy.py
009a2f9276
Update SQLite Injection.md
...
Added new link location for the pdf.
2020-04-03 23:15:05 +00:00
chivato
29fac06023
From https://twitter.com/secgus
...
MySQL Blind Queries and Data Exfiltration via the ORDER BY clause.
2020-03-01 21:15:19 +00:00
Swissky
55d1731897
Merge pull request #116 from nizam0906/master
...
Added More Updates in SQL Injection
2019-10-29 17:11:28 +01:00
nizam0906
d41e0d33bd
Added Summary in Hibernate Query Language Injection
2019-10-29 19:47:42 +05:30
nizam0906
4d94e553b9
Added Summary in Cassandra Injection
2019-10-29 19:42:49 +05:30
nizam0906
fe8c7be2fb
Fixed Broken Links in SQL injection README.md
2019-10-29 19:33:09 +05:30
nizam0906
a69c2acb7d
Added Summary in SQLite Injection
2019-10-29 19:22:49 +05:30
nizam0906
4b1f7e629d
Fixed Broken Links in PostgreSQL Injection
2019-10-29 19:06:41 +05:30
nizam0906
20d6599772
Added Summary
2019-10-29 18:57:33 +05:30
nizam0906
ca59b1d217
Fixed Broken Links in MSSQL Injection
...
Fixed Broken Links in MSSQL Injection
2019-10-29 18:44:28 +05:30
nizam0906
a33dce0d60
Fixed Broken Links
2019-10-29 18:25:00 +05:30
nizam0906
7d6fab92fa
Update Detect columns number
...
Using SELECT * FROM SOME_EXISTING_TABLE Error Based
2019-10-29 18:11:58 +05:30
nizam0906
614e8a97b9
Updated Detect columns number
...
Detect columns number using LIMIT INTO Error Based
2019-10-29 16:48:11 +05:30
nizam0906
f81f9440b8
Added More Ways to Detect columns number
...
using order by or group by
using order by or group by error based
using UNION SELECT Error Based
2019-10-29 16:32:22 +05:30
Swissky
377aad4061
Merge pull request #115 from nizam0906/master
...
Added List Database Administrator Accounts
2019-10-29 08:36:01 +01:00
nizam0906
bb2c247160
Added List Database Administrator Accounts
...
SELECT datname FROM pg_database
2019-10-29 10:32:39 +05:30
Swissky
534d46d0e4
Merge pull request #113 from Q5Ca/patch-1
...
Add bypass WAF no equal using BETWEEN
2019-10-28 18:21:26 +01:00
duongdpt
135af74acd
Update README.md
...
Add bypass waf using BETWEEN
2019-10-28 22:26:28 +07:00
nizam0906
3dcd4425a8
Added more PostgreSQL Injection Queries
...
* PostgreSQL version
* PostgreSQL Current User
* PostgreSQL List Users
* PostgreSQL List Password Hashes
* PostgreSQL List Privileges
* PostgreSQL database name
* PostgreSQL List databases
* PostgreSQL List tables
* PostgreSQL List columns
* PostgreSQL Stacked query
2019-10-28 16:26:49 +05:30
nizam0906
f35ace93cf
Update PostgreSQL Injection.md
...
Updated PostgreSQL Error Based injections
2019-10-26 18:07:14 +05:30
nizam0906
5b59da70f7
Update MySQL Injection.md
...
Added 6 MYSQL DIOS
* Zen
* Zen WAF
* ~tr0jAn WAF
* ~tr0jAn Benchmark
* N1Z4M
* sharik
2019-10-25 18:11:11 +05:30
Swissky
5455c30ec7
Juicy Potato + XXE update
2019-09-08 19:44:51 +02:00
Swissky
3ca07aeb7a
Docker Privesc - Unix socket
2019-08-30 17:25:07 +02:00
Swissky
8dffb59ac5
Pspy + Silver Ticket + MSSQL connect
2019-08-18 22:24:48 +02:00
Swissky
4a176615fe
CORS Misconfiguration
2019-08-18 12:08:51 +02:00
Swissky
0b9d76eb8e
HQL references
2019-07-19 19:34:23 +02:00
Swissky
f6564869f0
Fix typo in PHP Object injection
2019-07-05 18:42:42 +02:00
Swissky
13ba72f124
GraphQL + RDP Bruteforce + PostgreSQL RCE
2019-07-01 23:29:29 +02:00
Swissky
46780de750
PostgreSQL rewrite + LFI SSH
2019-06-29 19:23:34 +02:00
Elon Salfati
a4411ae086
Added 2 working sql injection lines
2019-06-28 18:16:45 +03:00
Swissky
9745e67465
HQL Injection + references update
2019-06-16 23:45:52 +02:00
Swissky
f88da43e1c
SQL informationschema.processlist + UPNP warning + getcap -ep
2019-05-25 18:19:08 +02:00
Alexis VIALARET
506014dd5f
Some link's markdown was broken
2019-05-24 17:15:33 +02:00
Swissky
49b9d0aff7
MSQL UDF sys_exec + SSRF IP: 127.1 and 127.0.1
2019-04-20 20:23:40 +02:00
Swissky
13864bde04
GoGitDumper + MySQL summary rewrite
2019-04-15 00:49:56 +02:00
Swissky
c66197903f
MYSQL Truncation attack + Windows search where
2019-04-14 19:46:34 +02:00
Swissky
a509909561
PostgreSQL RCE CVE-2019–9193 + ADAPE + WinPrivEsc Resources
2019-03-24 16:00:27 +01:00
clem9669
ea1e5a63ad
Add authentification bypass
...
admin' -- - (variant of pre-existing)
2019-03-21 16:44:37 +00:00
tkmk
0913e8c3bd
Fix changed urls
2019-03-19 20:18:06 +08:00
Swissky
404afd1d71
Fix name's capitalization
2019-03-07 00:07:55 +01:00