Mark
|
c3af630e1d
|
Update README.md
|
2024-05-26 10:40:54 -04:00 |
|
Mark
|
867f243100
|
Update README.md
|
2024-05-26 10:32:01 -04:00 |
|
mohnad banat
|
d834abe43c
|
Update SQLite Injection.md
Since sqlite version 3.33.0, sqlite_schema has been replaced by sqlite_master.
|
2024-04-01 20:46:09 +03:00 |
|
Swissky
|
dd2b68b70e
|
PHP Deserialization + API keys table typo
|
2024-02-18 15:29:21 +01:00 |
|
Swissky
|
97cfeee270
|
Tools Update
|
2024-01-21 21:39:23 +01:00 |
|
Swissky
|
b07c5df892
|
CSS - Update style color + Blind SQL Oracle
|
2023-12-10 13:27:21 +01:00 |
|
Swissky
|
55edc9fc74
|
Fix MySQL duplicate cheatsheet
|
2023-10-01 12:45:12 +02:00 |
|
Swissky
|
d142587f28
|
Race Condition WIP + AD asreproast/kerberoasting
|
2023-10-01 12:42:20 +02:00 |
|
Swissky
|
59640ba51a
|
MYSQL Wide byte injection (GBK)
|
2023-09-14 10:53:37 +02:00 |
|
Mane
|
811d71026f
|
Update MySQL Injection.md
fix typo
|
2023-09-13 08:33:03 -07:00 |
|
Mane
|
9574af9dd1
|
Update MySQL Injection.md
Add MYSQL Wide byte injection, it can test in Sqli-labs Less-32
|
2023-09-13 08:13:36 -07:00 |
|
Swissky
|
a0c14e5299
|
SQL injections - WAF bypass
|
2023-09-03 14:26:03 +02:00 |
|
Pak Cyberbot
|
d5922f421c
|
Update SQLite Injection.md
Column names of the specified table can be more easily extracted in a better output.
Tested during the CTF
|
2023-08-25 15:24:52 +05:00 |
|
KeoOp
|
d5f85f13d5
|
Update SQLite Injection.md
add "group_concat" so that all tables can be extracted once when the query only returns the first item
|
2023-07-16 23:44:00 +08:00 |
|
Swissky
|
5ddd8e04da
|
MSSQL - Stacked Queries Delimiters
|
2023-06-25 00:02:54 +02:00 |
|
Swissky
|
6861c46fcd
|
MySQL MSSQL Oracle SQL Update
|
2023-04-14 17:45:45 +02:00 |
|
somebodyoncetoldme
|
aa8950a273
|
Update PostgreSQL Injection.md
Switch "column_name" to "table_name".
|
2023-01-03 21:02:57 -08:00 |
|
Swissky
|
6dd5c18b45
|
Normalize Titles
|
2022-10-12 12:13:55 +02:00 |
|
Swissky
|
3f3736471e
|
Merge branch 'master' into patch-4
|
2022-10-11 11:26:28 +02:00 |
|
Deep Dhakate
|
a670a26eea
|
Update
|
2022-10-02 06:13:01 +00:00 |
|
Swissky
|
c7dd67986c
|
Oracle SQL
|
2022-09-13 22:04:21 +02:00 |
|
Dhmos Funk
|
aa89a909d1
|
Update PostgreSQL Injection.md
|
2022-09-10 15:56:31 +03:00 |
|
Swissky
|
7663594118
|
Update SQLite Injection.md
|
2022-09-07 14:02:38 +02:00 |
|
nerrorsec
|
418285b7f6
|
Boolean - Extract info (order by)
|
2022-08-13 10:07:54 +05:45 |
|
mr.The
|
f82efffbc7
|
Boolean error based* instead of just error based
|
2022-08-12 18:36:43 +03:00 |
|
mr.The
|
0d9a2354e5
|
Add error-based vector for the sqlite
|
2022-08-12 18:33:44 +03:00 |
|
its0x08
|
fc1f3b25a7
|
fix: Fix spelling
|
2022-08-09 11:02:21 +02:00 |
|
Jeyanthan
|
7ad7ae722d
|
Update OracleSQL Injection.md
missing 'T' in the SELECT in the Oracle blind SQLI section
|
2022-07-20 13:34:27 +02:00 |
|
Swissky
|
28425b37a3
|
LFI to RCE via upload (FindFirstFile)
|
2022-06-19 22:48:46 +02:00 |
|
PinkDraconian
|
5cc8e698c9
|
Single quotes are messing with the command.
|
2022-05-15 13:53:50 +02:00 |
|
Alexandre ZANNI
|
c274874430
|
MSSQL: list permissions
|
2022-04-18 17:21:26 +02:00 |
|
Alexandre ZANNI
|
1f73834d5e
|
HQLi in Java apps - HITBSecConf2016
|
2022-04-14 18:07:35 +02:00 |
|
Swissky
|
4abd52697f
|
MSSQL Agent Command Execution
|
2022-03-10 11:05:17 +01:00 |
|
Swissky
|
71dcfd5ca7
|
ADCS ESC7 Shell + Big Query SQL
|
2022-02-18 14:50:38 +01:00 |
|
Swissky
|
0b5c5acb87
|
ESC7 - Vulnerable Certificate Authority Access Control
|
2022-01-30 23:41:31 +01:00 |
|
astroicers
|
119ae90db6
|
Update MySQL Injection.md
fix line 426
|
2022-01-04 14:28:17 +08:00 |
|
Alex G
|
a568270b15
|
Add NAME_CONST for MySQL Error based injection
|
2021-12-16 12:11:25 +01:00 |
|
malet
|
4ab2649317
|
Fixing "RCE - Attach Database" Payload
The old payload doesn't work for many cases as the `php` in `<?php` is missing.
|
2021-12-14 19:54:41 +01:00 |
|
Brian Stadnicki
|
03427da534
|
SQLite Injection add extract database structure
|
2021-12-07 06:51:27 +00:00 |
|
Philippe Arteau
|
4169e5d603
|
informa4on_schema => information_schema
(Copy-paste error)
|
2021-10-31 23:33:58 -04:00 |
|
Philippe Arteau
|
6c5e790234
|
SQLi: Whitespace alternatives + WAF Bypass
|
2021-10-31 23:25:08 -04:00 |
|
jaxBCD
|
11dc7bc2c2
|
Update Oracle Sql injection.md add sql error
Add some error point oracle sql injection
|
2021-10-04 22:52:48 +07:00 |
|
Alvin Smith
|
335a5c42fb
|
Update MySQL Injection.md
|
2021-09-25 22:53:25 +12:00 |
|
sudoutopia
|
f18cb9b569
|
GROUP_CONCAT equivelent for MSSQL
|
2021-08-11 17:07:55 +02:00 |
|
Swissky
|
87be30d3b2
|
DB2 Injection + ADCS
|
2021-08-10 23:00:19 +02:00 |
|
Swissky
|
0443babe35
|
Relay + MSSQL Read File
|
2021-03-25 18:25:02 +01:00 |
|
Swissky
|
f6b9d63bf8
|
DCOM exploitation and MSSQL CLR
|
2021-03-24 22:26:23 +01:00 |
|
Karim Kanso
|
826130946c
|
Add a one line postgres file write
|
2021-01-30 14:17:35 +00:00 |
|
Swissky
|
4e17d6c2b3
|
Update PostgreSQL Injection.md
|
2021-01-24 18:43:58 +01:00 |
|
Swissky
|
cd6f5493b3
|
Update PostgreSQL Injection.md
|
2021-01-24 18:43:28 +01:00 |
|