Login | Register For Free | Help	Search this list this category for: (Advanced)

Mailing List Archive: Full Disclosure: Full-Disclosure One Click Ownage [White Paper and Scripts]   Index | Next | Previous | View Flat

ferruh at mavituna Jul 3, 2009, 3:50 AM Views: 213 Permalink One Click Ownage [White Paper and Scripts] This is a different and more practical approach to get a reverse shell or code execution in SQL Injections (particularly in MSSQL). The idea is simple. Getting a reverse shell from an SQL Injection with one HTTP request without using an extra channel such as TFTP, FTP to upload the initial payload. White paper explains the steps and the details of the attack. Scripts got all the tools you need to create your HTTP request with your own payload. White Paper: http://ferruh.mavituna.com/papers/oneclickownage.pdf Scripts: http://ferruh.mavituna.com/papers/OneClickOwnageScripts.zip Presentation (IT Underground 2009): http://www.slideshare.net/fmavituna/one-click-ownage-1660539 Regards, -- http://ferruh.mavituna.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Subject User Time One Click Ownage [White Paper and Scripts] ferruh at mavituna Jul 3, 2009, 3:50 AM     Re: One Click Ownage [White Paper and Scripts] fdiggle at gmail Jul 5, 2009, 9:22 PM     Re: One Click Ownage [White Paper and Scripts] tbiehn at gmail Jul 6, 2009, 8:07 AM

Index | Next | Previous | View Flat   Full Disclosure     Full-Disclosure

Interested in having your list archived? Contact lists@gossamer-threads.com
 

Web Applications & Managed Hosting Powered by Gossamer Threads Inc.