[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

One Click Ownage [White Paper and Scripts]



This is a different and more practical approach to get a reverse shell
or code execution in SQL Injections (particularly in MSSQL). The idea
is simple. Getting a reverse shell from an SQL Injection with one HTTP
request without using an extra channel such as TFTP, FTP to upload the
initial payload.

White paper explains the steps and the details of the attack. Scripts
got all the tools you need to create your HTTP request with your own
payload.


White Paper:
http://ferruh.mavituna.com/papers/oneclickownage.pdf

Scripts:
http://ferruh.mavituna.com/papers/OneClickOwnageScripts.zip

Presentation (IT Underground 2009):
http://www.slideshare.net/fmavituna/one-click-ownage-1660539



Regards,


--
http://ferruh.mavituna.com