Course

This course guides you through the exploitation of a SQL injection vulnerability in a web application. It explains how attackers can retrieve users' password hashes by exploiting a flaw in the way the application processes the `user_id` parameter in SQL queries. Once the password is cracked, the attacker gains access to the management interface, which contains additional functionalities, including a file upload feature.

The course then dives into how to achieve code execution by exploiting a vulnerability in Ghostscript through the image resizing functionality of the application. By crafting a malicious Postscript file and uploading it as a `.jpg` or `.png`, the attacker can execute arbitrary commands on the server when the file is processed by the vulnerable version of Ghostscript.