fuzzdb/attack/sql-injection/exploit
Ricardo Madriz 2863f7a588 Fix #144
2016-05-25 17:56:24 -06:00
db2-enumeration.txt doc relocation and renaming update 2015-09-11 19:39:11 -04:00
ms-sql-enumeration.txt Fix #144 2016-05-25 17:56:24 -06:00
mysql-injection-login-bypass.txt Fix #144 2016-05-25 17:56:24 -06:00
mysql-read-local-files.txt Fix #144 2016-05-25 17:56:24 -06:00
postgres-enumeration.txt doc relocation and renaming update 2015-09-11 19:39:11 -04:00
README.md formatting 2015-09-15 23:02:34 -04:00

various useful post-exploitation commands

ms-sql-enumeration.fuzz.txt

  • ms-sqli info disclosure payload fuzzfile
  • replace regex with your fuzzer for best results
  • run wireshark or tcpdump, look for incoming smb or icmp packets from victim
  • might need to terminate payloads with ;--

mysql-injection-login-bypass.fuzz.txt

  • regex replace as many as you can with your fuzzer for best results:
  • also try to brute force a list of possible usernames, including possible admin account names

mysql-read-local-files.fuzz.txt

  • mysql local file disclosure through sqli
  • fuzz interesting absolute filepath/filename into