April 2019
Intermediate to advanced
508 pages
11h 57m
English
The vulnerable web application has an SQL injection vulnerability. SQL injection allows an attacker to inject arbitrary SQL queries and execute them on the backend DBMS. This vulnerability is present on the following URL:
http://<ip>/books1.php?title=&author=t
An SQL injection on a web application that is potentially running with admin privileges means that there is a possibility of a complete takeover of the web application. For this purpose, we shall use sqlmap. To attack the URL with sqlmap, the syntax is as follows:
sqlmap --url="http://<IP>/books1.php?title=&author=t"
sqlmap confirms that the injection vulnerability is present, as seen here:
The next step is to use sqlmap to gain shell access on the remote ...
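A defender's view of the scan described above, as an added example that is not from the book: it flags requests to books1.php whose title or author value carries SQL syntax, or whose User-Agent is sqlmap's default. The log lines, addresses, function name and pattern list are constructed for illustration; the User-Agent is client-controlled, so the parameter check is the stronger signal.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Apr/2019:10:01:02 +0000] "GET /books1.php?title=&author=t HTTP/1.1" 200 812 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [12/Apr/2019:10:02:10 +0000] "GET /books1.php?title=&author=t%27%20AND%204821%3D4821--%20- HTTP/1.1" 200 812 "-" "sqlmap/1.3.4#stable (http://sqlmap.org)"
203.0.113.9 - - [12/Apr/2019:10:02:11 +0000] "GET /books1.php?title=&author=t%27%20UNION%20ALL%20SELECT%20NULL%2CNULL--%20- HTTP/1.1" 200 640 "-" "Mozilla/5.0 (Windows NT 10.0)"
198.51.100.7 - - [12/Apr/2019:10:03:00 +0000] "GET /books1.php?title=O%27Reilly&author= HTTP/1.1" 200 700 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""

# Captures: client IP, request target, User-Agent.
LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$'
)
# Illustrative, not exhaustive: SQL constructs that do not belong in a title or author.
# A lone apostrophe (O'Reilly) is deliberately not treated as an indicator.
SQLI = re.compile(
    r"\bunion\b(?:\s+all)?\s+select\b"
    r"|\b(?:and|or)\b\s+\d+\s*=\s*\d+"
    r"|\bsleep\s*\(|\bbenchmark\s*\(",
    re.IGNORECASE,
)


def flag_requests(log_text, path="/books1.php"):
    """Return (client_ip, reasons) for each suspicious request to `path`."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, target, agent = m.groups()
        url = urlsplit(target)
        if url.path != path:
            continue
        reasons = []
        if agent.lower().startswith("sqlmap/"):
            reasons.append("user-agent")
        # parse_qsl percent-decodes values, so encoded payloads are matched too.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name in ("title", "author") and SQLI.search(value):
                reasons.append("param:" + name)
        if reasons:
            findings.append((ip, reasons))
    return findings


if __name__ == "__main__":
    for ip, reasons in flag_requests(SAMPLE_LOG):
        print(ip, ", ".join(reasons))
```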