0% found this document useful (0 votes)

4 views

Doc1

Uploaded by

Jean Claude Eblin

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

4 views

Doc1

Uploaded by

Jean Claude Eblin

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 1

Solution:

1/ Enumeration

Scan the target server with the command nmap -p-

132.145.13.96, you will see that the port 8080 is open
and hosting a web application. Upon visiting the web
page you realize it's an online shop with a search
functionality.

2/ Exploitation SQL Injection

Every time we see a search field, we should consider

injection attack, here the first thing that comes up to
mind is a backend using a database to fetch products
information.

MySql is a prominent DBMS and uses SQL as query

language, so we can try entering an ' to see how the web
app would react and then try out with different payloads
from https://github.com/swisskyrepo/PayloadsAllTheThings

To try to dump the whole DB, we can enter the payload '
OR 1=1 --

This would give you all the jewels!

212-82 V12.95(1)
No ratings yet
212-82 V12.95(1)
92 pages
Learn SAP Basis in 24 Hours
From Everand
Learn SAP Basis in 24 Hours
Alex Nordeen
4.5/5 (2)
AWS Certified Solutions Architect - Professional
From Everand
AWS Certified Solutions Architect - Professional
VB Dev
No ratings yet
Carding - Hacking - Carding - Hacking - Software - Tutorial... Software - Tutorial... Forum Forum
80% (5)
Carding - Hacking - Carding - Hacking - Software - Tutorial... Software - Tutorial... Forum Forum
16 pages
Introduction to PHP Web Services: PHP, JavaScript, MySQL, SOAP, RESTful, JSON, XML, WSDL
From Everand
Introduction to PHP Web Services: PHP, JavaScript, MySQL, SOAP, RESTful, JSON, XML, WSDL
Imran Ghani
No ratings yet
Exploring Hadoop Ecosystem (Volume 2): Stream Processing
From Everand
Exploring Hadoop Ecosystem (Volume 2): Stream Processing
Wei Liu
No ratings yet
Lab 2
No ratings yet
Lab 2
5 pages
Recon Methdology and Notes....
No ratings yet
Recon Methdology and Notes....
4 pages
Your First Week With Node.js
From Everand
Your First Week With Node.js
James Hibbard
No ratings yet
The Mac Terminal Reference and Scripting Primer
From Everand
The Mac Terminal Reference and Scripting Primer
Jay Docherty
4.5/5 (3)
Elements of Android Room
From Everand
Elements of Android Room
Mark Murphy
No ratings yet
496-Shoppy HTB Official Writeup Tamarisk
No ratings yet
496-Shoppy HTB Official Writeup Tamarisk
18 pages
SQL| KILLING STEPS TO INTRODUCE SQL DATABASES
From Everand
SQL| KILLING STEPS TO INTRODUCE SQL DATABASES
Ben Brumm
No ratings yet
Ethical Hacking Project Document
No ratings yet
Ethical Hacking Project Document
12 pages
Detailed Developer Report
No ratings yet
Detailed Developer Report
123 pages
50 Recipes for Programming Node.js
From Everand
50 Recipes for Programming Node.js
Jamie Munro
3/5 (4)
Footprinting, Reconnaissance, Scanning and Enumeration Techniques of Computer Networks
From Everand
Footprinting, Reconnaissance, Scanning and Enumeration Techniques of Computer Networks
Dr. Hidaia Mahmood Alassouli
No ratings yet
Writeup
No ratings yet
Writeup
5 pages
Node.js: The Definitive Resource
From Everand
Node.js: The Definitive Resource
Tom Henricksen
No ratings yet
Typhoon Exploit Step by Step: Penetrating Methodology
No ratings yet
Typhoon Exploit Step by Step: Penetrating Methodology
3 pages
Cyber cesurity mini project
No ratings yet
Cyber cesurity mini project
6 pages
Luke's Ultimate OSCP Guide Part
100% (2)
Luke's Ultimate OSCP Guide Part
18 pages
51921
No ratings yet
51921
3 pages
EJPT Cheat Sheet
100% (1)
EJPT Cheat Sheet
49 pages
Performing SQL Injection
No ratings yet
Performing SQL Injection
8 pages
Node.js, Express.js, and More
From Everand
Node.js, Express.js, and More
Tom Henricksen
No ratings yet
Ceh Day5
No ratings yet
Ceh Day5
1 page
Junior Penetration Tester.txt
No ratings yet
Junior Penetration Tester.txt
17 pages
A concise guide to PHP MySQL and Apache
From Everand
A concise guide to PHP MySQL and Apache
alasdair gilchrist
4/5 (2)
Hack into your Friends Computer
From Everand
Hack into your Friends Computer
Magelan Cyber Security
No ratings yet
Getting Started with Big Data Query using Apache Impala
From Everand
Getting Started with Big Data Query using Apache Impala
Agus Kurniawan
No ratings yet
9thADV-SSRF1
No ratings yet
9thADV-SSRF1
13 pages
Some Tutorials in Computer Networking Hacking
From Everand
Some Tutorials in Computer Networking Hacking
Dr. Hidaia Mahmood Alassouli
No ratings yet
OpenCart Tips and Tricks
From Everand
OpenCart Tips and Tricks
iSenseLabs
No ratings yet
BackTrack 5 Tutorial 6 PDF
No ratings yet
BackTrack 5 Tutorial 6 PDF
4 pages
BackTrack 5 Tutorial 6
No ratings yet
BackTrack 5 Tutorial 6
4 pages
Learn Java Programming in 24 Hours
From Everand
Learn Java Programming in 24 Hours
PublishDrive
No ratings yet
Rapid Application Development With CakePHP
From Everand
Rapid Application Development With CakePHP
Jamie Munro
No ratings yet
Hack Websites With Metasploit
60% (5)
Hack Websites With Metasploit
24 pages
Ruby on Rails For Beginners: Rails Web Development Programming and Coding Tutorial
From Everand
Ruby on Rails For Beginners: Rails Web Development Programming and Coding Tutorial
Joseph Joyner
1/5 (1)
Exact Basics of Hacking Intro: Description
No ratings yet
Exact Basics of Hacking Intro: Description
6 pages
eWPT
No ratings yet
eWPT
15 pages
Github-Rcon-Exploit
No ratings yet
Github-Rcon-Exploit
10 pages
SQLmap Guide
No ratings yet
SQLmap Guide
13 pages
Intentions
No ratings yet
Intentions
23 pages
Node.js: Tools & Skills
From Everand
Node.js: Tools & Skills
James Hibbard
No ratings yet
Document 2
No ratings yet
Document 2
11 pages
SQL Programming & Database Management For Noobee
From Everand
SQL Programming & Database Management For Noobee
Kishor Sarkar X
No ratings yet
Security Report Lab3
No ratings yet
Security Report Lab3
22 pages
How to Deploy Any Web Application to the Apple App Store
From Everand
How to Deploy Any Web Application to the Apple App Store
Michael D Callaghan
No ratings yet
Here are the most critical
No ratings yet
Here are the most critical
3 pages
C in 30 Pages
From Everand
C in 30 Pages
U.Q. Magnusson
4.5/5 (2)
Beyond the Basics of JavaScript
From Everand
Beyond the Basics of JavaScript
Tom Henricksen
No ratings yet
Hadoop Blueprints
From Everand
Hadoop Blueprints
Anurag Shrivastava
No ratings yet
Spring Boot and Single-Page Applications: Securing Your API with a Single-Page Application Frontend - Second Edition
From Everand
Spring Boot and Single-Page Applications: Securing Your API with a Single-Page Application Frontend - Second Edition
Jens Boje
No ratings yet
WAPT
No ratings yet
WAPT
11 pages
Securing PHP Applications Part I
No ratings yet
Securing PHP Applications Part I
5 pages
Kafka Up and Running for Network DevOps: Set Your Network Data in Motion
From Everand
Kafka Up and Running for Network DevOps: Set Your Network Data in Motion
Eric Chou
No ratings yet
Four Programming Languages Creating a Complete Website Scraper Application
From Everand
Four Programming Languages Creating a Complete Website Scraper Application
Stephen J Link
No ratings yet
Bankrobber
No ratings yet
Bankrobber
17 pages
SQL CMD
No ratings yet
SQL CMD
4 pages
Resumécc_124022(1)
No ratings yet
Resumécc_124022(1)
46 pages
totaltester_122125(1)
No ratings yet
totaltester_122125(1)
28 pages
Sample+Exam+CEHPC+(V0220224)+EN
No ratings yet
Sample+Exam+CEHPC+(V0220224)+EN
13 pages
revisioncehpc
No ratings yet
revisioncehpc
25 pages
– Day - 06 - Satender Kumar
No ratings yet
– Day - 06 - Satender Kumar
2 pages
CCNA CHEATSHEET
No ratings yet
CCNA CHEATSHEET
8 pages
UPS
No ratings yet
UPS
1 page
Basic+Security+Terminologies+Security+Foundations Study+Notes Cyvitrix
No ratings yet
Basic+Security+Terminologies+Security+Foundations Study+Notes Cyvitrix
3 pages
Isc2+Code+of+Ethics Study+Notes Cyvitrix
No ratings yet
Isc2+Code+of+Ethics Study+Notes Cyvitrix
3 pages
Security+Vulnerabilities Study+Notes Cyvitrix
No ratings yet
Security+Vulnerabilities Study+Notes Cyvitrix
4 pages
ISC2+CODE+OF+ETHICS-FLASH+CARDS-CYVITRIX
No ratings yet
ISC2+CODE+OF+ETHICS-FLASH+CARDS-CYVITRIX
42 pages
Security+Controls Study+Notes Cyvitrix
No ratings yet
Security+Controls Study+Notes Cyvitrix
3 pages
Security+Vulnerabilities Flash+Cards Cyvitrix
No ratings yet
Security+Vulnerabilities Flash+Cards Cyvitrix
42 pages
Multiple Choice Questions
No ratings yet
Multiple Choice Questions
19 pages

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

Doc1

Uploaded by

Doc1

Uploaded by

Solution:

Scan the target server with the command nmap -p-

2/ Exploitation SQL Injection

Every time we see a search field, we should consider

MySql is a prominent DBMS and uses SQL as query

This would give you all the jewels!

You might also like

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.