I feel bad because while searching I ended up accidentally (not quite, as I was tired, so I just clicked) seeing a write-up by PDKT-Team/fbctf2019/hr-admin-module. I could’ve learned much more if I had spent more time, but still, I learned deeply about various types of SQL Injection. I was totally unaware of Out-of-Band SQL Injection, SQL through SSRF, and PostgreSQL file load functions. I knew DNS exfiltration but didn’t think about how beautifully it can be used!

And, it’s a wrap, keep an eye out for PART 2.

Some of them gave warning messages, some didn’t, but none of them worked. Seems like it uses PHP session-based flash messages (ref). After this, I opened pentestmonkey’s Postgres SQL Injection Cheat Sheet and tried injecting queries.

Pseudo code of our exploit:

chars = 'All printable character list'
target = " "
attr = document.createElement('iframe')
function exploit()

web :: rceservice