20.05.2013

from_sqli_to_shell


PentesterLab.com » From SQL Injection to Shell

Table of Content

Introduction

About this exercise

License

Syntax of this course

The web application

Fingerprinting

Inspecting HTTP headers

Using a directory Buster

Detection and exploitation of SQL injection

Detection of SQL injection

Introduction to SQL

Detection based on Integers

Detection on Strings

Exploitation of SQL injections

The UNION keyword

Exploiting SQL injections with UNION

Retrieving information

Access to the administration pages and code execution

Cracking the password

Uploading a Webshell and Code Execution

Conclusion
