Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

dailydave logo Dailydave mailing list archives

One Click Ownage [White Paper and Scripts]
From: Ferruh Mavituna <ferruh () mavituna com>
Date: Fri, 3 Jul 2009 11:49:51 +0100
This is a different and more practical approach to get a reverse shell or
code execution in SQL Injections (*particularly in MSSQL*). The idea is
simple. Getting a reverse shell from an SQL Injection with one HTTP request
without using an extra channel such as TFTP, FTP to upload the initial
payload.

White paper explains the steps and the details of the attack. Scripts got
all the tools you need to create your HTTP request with your own payload.


*White Paper:
*http://ferruh.mavituna.com/papers/oneclickownage.pdf

*Scripts:
*http://ferruh.mavituna.com/papers/OneClickOwnageScripts.zip

*Presentation (IT Underground 2009):
*http://www.slideshare.net/fmavituna/one-click-ownage-1660539



Regards,


-- 
http://ferruh.mavituna.com

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]