From SQL injection to Shell III: PostgreSQL Edition

This exercise covers how to gain access to an administration interface using SQL injection, and then how to get command execution using Ghostscript.

2-4 Hrs.
Brown Badge


This course guides you through the exploitation of a SQL injection vulnerability in a web application. It explains how attackers can retrieve users' password hashes by exploiting a flaw in the way the application processes the `user_id` parameter in SQL queries. Once the password is cracked, the attacker gains access to the management interface, which contains additional functionalities, including a file upload feature.

The course then dives into how to achieve code execution by exploiting a vulnerability in Ghostscript through the image resizing functionality of the application. By crafting a malicious PostScript file and uploading it as a `.jpg` or `.png`, the attacker can execute arbitrary commands on the server when the file is processed by the vulnerable version of Ghostscript.
