Merge 4f4d7b3bf5 into 80dda8beeb

Merge pull request #710 from mohnad-0b/patch-1
Update SQLite Injection.md
2024-05-09 15:56:15 +02:00 · 2024-04-03 22:38:04 +03:00 · 2024-04-03 18:15:31 +02:00 · 2024-04-03 18:15:03 +02:00 · 2024-04-01 20:46:09 +03:00 · 2024-03-09 21:46:33 +05:30
3 changed files with 15 additions and 3 deletions
--- a/Injection/README.md
+++ b/Injection/README.md
@ -18,6 +18,7 @@
  * [Bypass blacklisted words](#bypass-blacklisted-words)
   * [Bypass with single quote](#bypass-with-single-quote)
   * [Bypass with double quote](#bypass-with-double-quote)
+   * [Bypass with backticks](#bypass-with-backticks)
   * [Bypass with backslash and slash](#bypass-with-backslash-and-slash)
   * [Bypass with $@](#bypass-with-)
   * [Bypass with $()](#bypass-with--1)
@ -245,12 +246,20 @@ root:x:0:0:root:/root:/bin/bash

 ```powershell
 w'h'o'am'i
+wh''oami
 ```

 #### Bypass with double quote

 ```powershell
 w"h"o"am"i
+wh""oami
+```
+
+#### Bypass with backticks
+
+```powershell
+wh``oami
 ```

 #### Bypass with backslash and slash
--- a/Injection/SQLite
+++ b/Injection/SQLite
@ -33,7 +33,10 @@ select sqlite_version();
 ```sql
 SELECT sql FROM sqlite_schema
 ```
-
+if sqlite_version > 3.33.0 
+```sql
+SELECT sql FROM sqlite_master
+```
 ## Integer/String based - Extract table name

 ```sql
--- a/Files/README.md
+++ b/Files/README.md
@ -80,7 +80,7 @@
        * `file.php%20`
        * `file.php%0d%0a.jpg`
        * `file.php%0a`
-    * Right to Left Override (RTLO): `name.%E2%80%AEphp.jpg` will became `name.gpj.php`.
+    * Right to Left Override (RTLO): `name.%E2%80%AEphp.jpg` will became `name.gpj.php`. - [Automated Script for RTLO](https://github.com/GainSec/RTLOify)
    * Slash: `file.php/`, `file.php.\`, `file.j\sp`, `file.j/sp`
    * Multiple special characters: `file.jsp/././././.`
 - Mime type, change `Content-Type : application/x-php` or `Content-Type : application/octet-stream` to `Content-Type : image/gif`
@ -219,4 +219,4 @@ Upload the XML file to `$JETTY_BASE/webapps/`
 * [Jetty Features for Hacking Web Apps - September 15, 2022 - Mikhail Klyuchnikov](https://swarm.ptsecurity.com/jetty-features-for-hacking-web-apps/)
 * [Inyección de código en imágenes subidas y tratadas con PHP-GD  - Spanish Resource - hackplayers](https://www.hackplayers.com/2020/03/inyeccion-de-codigo-en-imagenes-php-gd.html)
 * [A New Vector For “Dirty” Arbitrary File Write to RCE - Doyensec - Maxence Schmitt and Lorenzo Stella](https://blog.doyensec.com/2023/02/28/new-vector-for-dirty-arbitrary-file-write-2-rce.html)
-* [PHP Internals Book - THE .PHPT FILE STRUCTURE](https://www.phpinternalsbook.com/tests/phpt_file_structure.html)
+* [PHP Internals Book - THE .PHPT FILE STRUCTURE](https://www.phpinternalsbook.com/tests/phpt_file_structure.html)
Author	SHA1	Message	Date
J-GainSec	f02f42540c	Merge `4f4d7b3bf5` into `80dda8beeb`	2024-04-03 22:38:04 +03:00
Swissky	80dda8beeb	Merge pull request #710 from mohnad-0b/patch-1 Update SQLite Injection.md	2024-04-03 18:15:31 +02:00
Swissky	8ef458db2a	Merge pull request #708 from xplo1t-sec/master bypass techniques added	2024-04-03 18:15:03 +02:00
mohnad banat	d834abe43c	Update SQLite Injection.md Since sqlite version 3.33.0, sqlite_schema has been replaced by sqlite_master.	2024-04-01 20:46:09 +03:00
xplo1t-sec	033982dc30	bypass techniques added	2024-03-09 21:46:33 +05:30
J-GainSec	4f4d7b3bf5	Added Link to Python Script for adding RTLO characters to strings, individual files or all files within a directory.	2024-03-01 23:36:14 -05:00