From SQL injection to Shell III: PostgreSQL Edition

Bookmarked!

This exercise covers how to gain access to an administration interface using a SQL injection, and how to get command execution using Ghostscript

PRO Medium 2-4 Hrs. 255 Brown Badge

Course

This course details the exploitation of a SQL injection in a web application, demonstrating how an attacker can leverage this vulnerability to gain access to administration pages and ultimately achieve code execution on the server using a flaw in an outdated version of Ghostscript.

Skills covered

Injection Authentication Operating System Network

Topics

SQL Injection

CWE-89

Included with PRO

Full course content 2 videos Common mistakes

Ready to practice?

Get access to this lab and 600+ hands-on exercises with a PRO subscription.

Go PRO or create a free account