Published on January 25th, 2017 📆 | 5855 Views ⚑

SQL injection – Website Hacking tutorial – Part 4 [shell uploading as image]



As I promised in my previous video, today I shall show you the advanced method of accessing a website using a web shell, with which we can delete or even edit any page of the website.
A web shell is a PHP file used to control the website.

This is one of the methods hackers use to deface the website.

Today my target website is this - www.gestionssoma.com

As I explained earlier in my videos, the first thing we will do is find a suitable parameter through which to give our commands to the website.

So I shall use the Google dork method again here.

I shall put this in Google: site:http://www.gestionssoma.com/ inurl:id=

I have explained everything in my previous videos, so the parameter I have selected to inject is

http://www.gestionssoma.com/detalles_noticias.php?Id=27

So this parameter is vulnerable.
So our admin username and password are here.
adminclub:tennis2013
Now it is time to find the admin page of this website.

For this we will again use the Google dork method.

Just put this in Google search: site:http://www.gestionssoma.com/ and check the different pages to find the admin panel.
So this is our admin page: http://www.gestionssoma.com/Intranet/

Now here you can see a lot of content, but the only place from which a web shell can be uploaded is where the picture is uploaded.
So I shall replace the existing picture with my shell to make it easier, but at the start I shall change the extension from php to jpg so that we can trick the server into accepting our file.

Here we will need an add-on called Tamper Data to change the extension of our web shell back to php, as we can only execute our commands through a PHP file.
We cannot directly upload a PHP file because the server blocks it; that is why we have to trick the server.
Here, find the name of the file, which is clean.jpg, and rename it to clean.php.

Here is our shell now, which is being displayed in place of an image, and it's a PHP file.

Now you can see all the files of website here that are present on the server.
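
The upload step above succeeds because the server stores the file under the name carried in the request. The following is an added example, not part of the original tutorial, of an upload handler that ignores the client-supplied name and type; the function name `store_image_upload`, the `UPLOAD_DIR` path and the size limit are assumptions, and PHP 7 or later is assumed.

```php
<?php
declare(strict_types=1);

// Assumption: uploads live outside the web root and are served by a separate
// script, so nothing in this directory is ever handed to the PHP interpreter.
const UPLOAD_DIR = '/var/app-data/uploads';   // hypothetical path
const MAX_BYTES  = 2 * 1024 * 1024;           // hypothetical limit

// The extension is chosen by the server from the detected content type.
const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Validate one entry of $_FILES and store it under a server-generated name.
 * Returns the stored file name; throws RuntimeException on rejection.
 */
function store_image_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // Detect the type from the bytes on disk. $file['name'] and $file['type']
    // come from the request and can be rewritten in transit, so they are ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = is_string($mime) ? (ALLOWED_TYPES[$mime] ?? null) : null;
    if ($ext === null || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an accepted image');
    }

    // Random name plus server-chosen extension: the client never controls
    // the stored path or the suffix the web server sees.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    chmod(UPLOAD_DIR . '/' . $name, 0640);
    return $name;
}
```

A valid image can still carry embedded script text, so the directory that holds uploads should also be configured so that the web server never executes files from it.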
Stay tuned, and if you have any suggestions or questions, or you don't understand anything in the tutorial, feel free to ask in the comments.

Thanks

2017-01-25 14:04:34
