From SQL injection to Shell III: PostgreSQL Edition
This exercise covers how to gain access to an administration interface using a SQL injection, and how to get command execution using Ghostscript.
This course guides you through the exploitation of a SQL injection vulnerability in a web application. It explains how attackers can retrieve users' password hashes by exploiting a flaw in the way the application processes the user_id parameter in SQL queries. Once the password is cracked, the attacker gains access to the management interface, which contains additional functionalities, including a file upload feature.
The course then dives into how to achieve code execution by exploiting a vulnerability in Ghostscript through the image resizing functionality of the application. By crafting a malicious PostScript file and uploading it as a .jpg or .png, the attacker can execute arbitrary commands on the server when the file is processed by the vulnerable version of Ghostscript.
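On the defensive side, the upload step described above can refuse files whose content does not match the claimed image type before they reach the resizer. The following is an added example, not code from the course or the application; the function name check_upload and the sample byte strings are assumptions constructed for illustration.

```python
import os

# Leading bytes of the two image types the upload form is meant to accept.
IMAGE_SIGNATURES = {
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
}

# Leading bytes of content Ghostscript would interpret:
# PostScript/EPS ("%!"), PDF, and the DOS EPS binary header.
GHOSTSCRIPT_MARKERS = (b"%!", b"%PDF-", b"\xc5\xd0\xd3\xc6")


def check_upload(filename, data):
    """Return (accepted, reason) for an uploaded file.

    The extension is only a claim made by the client; the decision is
    based on the first bytes of the content itself.
    """
    ext = os.path.splitext(filename)[1].lower()
    if ext not in IMAGE_SIGNATURES:
        return False, "extension not allowed"
    # Ignore a UTF-8 BOM or leading whitespace placed before the marker.
    head = data[:1024].lstrip(b"\xef\xbb\xbf \t\r\n")
    if head.startswith(GHOSTSCRIPT_MARKERS):
        return False, "PostScript/PDF content with image extension"
    if not data.startswith(IMAGE_SIGNATURES[ext]):
        return False, "signature does not match extension"
    return True, "ok"


# Constructed sample inputs (harmless placeholders, not real uploads).
PNG_OK = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
JPG_OK = b"\xff\xd8\xff\xe0" + b"\x00" * 16
PS_AS_JPG = b"%!PS-Adobe-3.0\n% constructed sample\nshowpage\n"
PS_PADDED = b"\n  " + PS_AS_JPG

if __name__ == "__main__":
    for name, blob in [("a.png", PNG_OK), ("a.jpg", JPG_OK),
                       ("b.jpg", PS_AS_JPG), ("c.png", PS_PADDED),
                       ("d.jpg", PNG_OK), ("e.ps", PS_AS_JPG)]:
        print(name, check_upload(name, blob))
```

A signature check only keeps non-image content away from the resizer; the vulnerable Ghostscript version still needs to be updated.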