Kali Linux Intrusion and Exploitation Cookbook by Ishan Girdhar, Dhruv Shah

Chapter 7. Web Application Exploitation

In this chapter, we will cover the following recipes:

  • Using Burp for active/passive scanning
  • Using sqlmap to find SQL Injection on the login page
  • Using sqlmap to find SQL Injection on URL parameters
  • Using commix for automated OS command injection
  • Using weevely for file upload vulnerability
  • Exploiting Shellshock using Burp
  • Using Metasploit to exploit Heartbleed
  • Using the FIMAP tool for file inclusion attacks (RFI/LFI)

Introduction

Web application penetration testing is the phase where we exploit the vulnerabilities that we have discovered during vulnerability assessment.

The success of penetration testing depends on how much information has been gathered and how many vulnerabilities have been discovered so far. It may not be necessary that all ...