00:00 - Intro, sorry for double upload. First one missed the last 5 minutes. 00:38 - Start of nmap, discovering SSH/HTTP are different operating systems 02:00 - Testing the website 02:45 - Intercepting the registration and testing for SQL Injection on the Country 04:19 - Discovering a static cookie is returned that is a MD5Sum of the UserName 05:20 - Our single quote country caused an Second Order SQL Injection testing Union Injection 08:08 - Using our Union Injection to drop a webshell 10:10 - Revrse Shell Returned 11:50 - Getting the database password out of the webconfig, and its also the root user 12:30 - Explaining how I gave "dedicated" containers to each player 13:35 - Going over the Kernel Module I wrote to do routing based upon the last octet of an IP Address 18:30 - Going over the code around SQL Injection and how to do prepared statements in PHP with SQL 23:40 - Creating middleware with Flask so SQLMap can exploit this second order sql injection
Follow IppSec: Video Search: https://ippsec.rocks
Support the originator by clicking the read the rest link below.