fuzzdb/attack/sql-injection/exploit
2015-09-11 19:39:11 -04:00
db2-enumeration.txt doc relocation and renaming update 2015-09-11 19:39:11 -04:00
ms-sql-enumeration.fuzz.txt doc relocation and renaming update 2015-09-11 19:39:11 -04:00
mysql-injection-login-bypass.fuzz.txt doc relocation and renaming update 2015-09-11 19:39:11 -04:00
mysql-read-local-files.fuzz.txt doc relocation and renaming update 2015-09-11 19:39:11 -04:00
postgres-enumeration.txt doc relocation and renaming update 2015-09-11 19:39:11 -04:00
README.md doc relocation and renaming update 2015-09-11 19:39:11 -04:00

various useful post-exploitation commands

ms-sql-enumeration.fuzz.txt

ms-sqli info disclosure payload fuzzfile

replace regex with your fuzzer for best results

run wireshark or tcpdump, look for incoming smb or icmp packets from victim

might need to terminate payloads with ;--

mysql-injection-login-bypass.fuzz.txt

regex replace as many as you can with your fuzzer for best results:

also try to brute force a list of possible usernames, including possible admin acct names

mysql-read-local-files.fuzz.txt

mysql local file disclosure through sqli

fuzz interesting absolute filepath/filename into