Exercises

This exercise covers how to gain access to an administration interface using a SQL injection, and how to get command execution using Ghostscript

This exercise covers how to gain access to an administration interface using SQL injection followed by how to get command execution using ImageTragick

This exercise is one of our challenges on SQL Injections

This exercise is one of our challenges on SQL Injections

This exercise is one of our challenges on SQL Injections

This exercise is one of our challenges on SQL Injections

This exercise is one of our challenges on SQL Injections

This exercise is one of our challenges on SQL Injections

This exercise explains how to exploit a Cross-Site Scripting vulnerability to obtain an administrator's cookies, and how you can use their session to gain access to the administration panel, and find a SQL injection to gain code execution

This exercise explains how you can, from a blind SQL injection, gain access to the administration console. Then once in the administration console, how you can run commands on the system.

This exercise explains how you can from a SQL injection gain access to the administration console, and from there, how you can run commands on the underlying system

This exercise demonstrates how to leverage a SQL injection to gain access to the admin console, and from there, how to execute commands on the underlying system