|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Ferruh Mavituna (ferruh
mavituna.com)
Date: Fri Jul 03 2009 - 05:49:51 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This is a different and more practical approach to get a reverse shell or
code execution in SQL Injections (*particularly in MSSQL*). The idea is
simple. Getting a reverse shell from an SQL Injection with one HTTP request
without using an extra channel such as TFTP, FTP to upload the initial
payload.
White paper explains the steps and the details of the attack. Scripts got
all the tools you need to create your HTTP request with your own payload.
*White Paper:
*http://ferruh.mavituna.com/papers/oneclickownage.pdf
*Scripts:
*http://ferruh.mavituna.com/papers/OneClickOwnageScripts.zip
*Presentation (IT Underground 2009):
*http://www.slideshare.net/fmavituna/one-click-ownage-1660539
Regards,
--
http://ferruh.mavituna.com
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]