fuzzdb/attack/sql-injection/exploit/README.md
2015-09-15 23:02:34 -04:00

various useful post-exploitation commands

ms-sql-enumeration.fuzz.txt

  • ms-sqli info disclosure payload fuzzfile
  • replace regex with your fuzzer for best results
  • run wireshark or tcpdump, look for incoming smb or icmp packets from victim
  • might need to terminate payloads with ;--

mysql-injection-login-bypass.fuzz.txt

  • regex replace as many as you can with your fuzzer for best results:
  • also try to brute force a list of possible usernames, including possible admin acct names

mysql-read-local-files.fuzz.txt

  • mysql local file disclosure through sqli
  • fuzz interesting absolute filepath/filename into