Chapter 7. Web Application Exploitation
In this chapter, we will cover the following recipes:
- Using Burp for active/passive scanning
- Using sqlmap to find SQL Injection on the login page
- Using sqlmap to find SQL Injection on URL parameters
- Using commix for automated OS command injection
- Using weevely for file upload vulnerability
- Exploiting Shellshock using Burp
- Using Metasploit to exploit Heartbleed
- Using the FIMAP tool for file inclusion attacks (RFI/LFI)
Web application penetration testing is the phase where we exploit the vulnerabilities that we have discovered during vulnerability assessment.
The success of penetration testing depends on how much information and vulnerabilities have been discovered so far. It may not be necessary that all ...