SQL INJECTION FUNDAMENTALS - Writing webshell

BiBiChan1990 · February 23

Is any can help out to give me direction? I really don't get it on the question "Find the flag by using a Webshell." even with Hints, I barely not knowing it.
Please help out to give me direction.

TazWake · February 23

Spoiler Removed

BiBiChan1990 · February 24

hmm spoiler removed.

TazWake · February 24

Yeah - I dont know why it was flagged as a spoiler.

I haven't looked at this box, so I don't see how anything I suggest would spoil it for people.

Basically from what you've put it looks like the path would be to upload a webshell, or exploit one already there, then use the file system commands to find the thing you are looking for.

I was under the impression that the Academy was to provide more structured learning and guidance than the main boxes. I appear to have been mistaken.

rptester · March 9

my 2 cents, may be by this time you might already be an expert Bibichan, but for future noobs like me, the task is asking us to upload a program via the sql file; so we write a php program onto the box, and call it via the url. the name in between the [] is a variable, that you can reference in the url. for example $_REQUEST[0], you can replace this with anything and pass into the URL. so your url would become, xyz.com/0=id, and it will be executed.

PortaHelle · August 13

march 9.. is a long time ago but just follow the module und think hard about in which directory you "output" the webshell and what the hint says..

hopefully that will do the trick
best of Luck
Porta

SQL INJECTION FUNDAMENTALS - Writing webshell

Comments

Howdy, Stranger!

Categories

In this Discussion

SQL INJECTION FUNDAMENTALS - Writing webshell

Comments

Howdy, Stranger!

Quick Links

Categories

In this Discussion