|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Ferruh Mavituna (ferruh
mavituna.com)
Date: Fri Jul 03 2009 - 05:51:07 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This is a different and more practical approach to get a reverse shell
or code execution in SQL Injections (particularly in MSSQL). The idea
is simple. Getting a reverse shell from an SQL Injection with one HTTP
request without using an extra channel such as TFTP, FTP to upload the
initial payload.
White paper explains the steps and the details of the attack. Scripts
got all the tools you need to create your HTTP request with your own
payload.
White Paper:
http://ferruh.mavituna.com/papers/oneclickownage.pdf
Scripts:
http://ferruh.mavituna.com/papers/OneClickOwnageScripts.zip
Presentation (IT Underground 2009):
http://www.slideshare.net/fmavituna/one-click-ownage-1660539
Regards,
--
http://ferruh.mavituna.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]