Command Injection in web app with cat command disabled.

Nmap Scan


Nmap, gobuster, base64 decoder, sort, uniq, burpsuite, turbointruder, php reverseshell, netcat, crackstation, find, gtfobin

Nmap


This will be a write-up on a PwnTillDawn Online Battlefield box — Stuntman Mike. Please check out the following links to find out more about PwnTillDawn Online Battlefield.

Nmap Scan


Nmap


Nmap


Nmap, gobuster, php reverseshell, netcat, burpsuite, find, gtfobins

Nmap


This lab contains an SQL injection vulnerability in the login function.

To solve the lab, perform an SQL injection attack that logs in to the application as the administrator user.

Head over to the login page.

When we input a username and password, the query string will look like:

I input a single quote in the username and login (same with password). Both result in an internal server error, which shows that it might be vulnerable to SQL injection.


This lab contains an SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out an SQL query like the following:

SELECT * FROM products WHERE category = 'Gifts' AND released = 1

To solve the lab, perform an SQL injection attack that causes the application to display details of all products in any category, both released and unreleased.

First, let’s click on a category.

After clicking on the corporate gifts category, the URL shows:

Notice the bold words, which are the query string.

The application will make a SQL query to…


Nmap Scan


Nmap scan

Yikai

Started my journey in cybersecurity in September 2020. This blog is used mainly to record my learning journey.
