Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

webappsec logo WebApp Sec mailing list archives

One Click Ownage [White Paper and Scripts]
From: Ferruh Mavituna <ferruh () mavituna com>
Date: Fri, 3 Jul 2009 11:51:07 +0100
This is a different and more practical approach to get a reverse shell
or code execution in SQL Injections (particularly in MSSQL). The idea
is simple. Getting a reverse shell from an SQL Injection with one HTTP
request without using an extra channel such as TFTP, FTP to upload the
initial payload.

White paper explains the steps and the details of the attack. Scripts
got all the tools you need to create your HTTP request with your own
payload.


White Paper:
http://ferruh.mavituna.com/papers/oneclickownage.pdf

Scripts:
http://ferruh.mavituna.com/papers/OneClickOwnageScripts.zip

Presentation (IT Underground 2009):
http://www.slideshare.net/fmavituna/one-click-ownage-1660539



Regards,


-- 
http://ferruh.mavituna.com

  By Date           By Thread  

Current thread:
  • One Click Ownage [White Paper and Scripts] Ferruh Mavituna (Jul 06)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]