bWAPP server-side include injections

I present and try to explain some common SSII

Example 1

Example 2

Example 3

Example 4

Example 5

Comments

Exploitation of the OS Command Injection Threat in bWAPP

In this tutorial is based in literature and tools widely available in the Internet, we did perform all the steps by ourselves, hope useful, 1. Introduction 2. Firefox configuration 3. bWAPP Cookie Interception by Burp Suite 4. Attack with Commix to Establish a Shell

PHP Shells PentesterLab & DVWA

WE RECALL THAT ALL THE TECHNIQUES SHOWN HEREBY ARE WELL DESCRIBED ON THE NET, YET WE PERFORMED BY OURSELVES STEP BY STEP ALL THE LABS DEMONSTRATED IN THIS BLOG, MTIBAA Riadh PHP Web Shells in Forensic Analysis Backdoor scripts, Uploaded on web servers, Illegitimate access (read/write/edit/delete). 1. Simple Backdoor Shell John Troon, Remote code execution. 2. qsd-php Backdoor Shell Daniel Berliner, Platform to execute system command. 3. PHP-reverse shell Pentestmonkey, Outbounds TCP connection from server to host, Attaches shell to TCP connection, Runs interactive programs (telnet/ssh). 4. MSFvenom based PHP Backdoor Shell 5. Weevely Shell Simulates Telnet. ...

export/import mongo databases/collections

Here, I show step by step how to create a localhost mongo database using the mongo shell, then we transfert that database to our Cluster within the Cloud Mongo Atlas, 1. mtibaa_db_01 Mongo Database Creation with Collection locations 2. Export mtibaa_db_01 Locally into a JSON File 3. Import mtibaa_db_01 into the MTIBAARiadhTrainingCluster in Mongo Atlas

Every day computer working stuff

Search This Blog