From SQL injection to Shell III: PostgreSQL Edition
This exercise covers how to gain access to an administration interface using SQL injection followed by how to get command execution using Ghostscript
This course guides you through the exploitation of a SQL injection vulnerability in a web application. It explains how attackers can retrieve users' password hashes by exploiting a flaw in the way the application processes the user_id parameter in SQL queries. Once the password is cracked, the attacker gains access to the management interface, which contains additional functionalities, including a file upload feature.
The course then dives into how to achieve code execution by exploiting a vulnerability in Ghostscript through the image resizing functionality of the application. By crafting a malicious Postscript file and uploading it as a .jpg or .png, the attacker can execute arbitrary commands on the server when the file is processed by the vulnerable version of Ghostscript.