From the course: Penetration Testing Web Apps with Kali and Burp Suite
Exploiting your way into the gym
- Let's take a look at this gym management system, which we can download from the Sourcecodester site shown here. This is a standard website which runs on a LAMP stack system. I've downloaded and unzipped this application. We can see this is a PHP website, and if we have a look in the database folder, we can see the setup script for it. The installation instructions require us to set up the application by importing this setup script. In addition, we need to modify the DB connect .pi script and update it with our privileged SQL user credentials. I've done this already, so let's go take a look at it: 192.168.1.176/gym1. Okay, we're asked to enter credentials. Our first exploit will be the obvious one. We'll run an SQL injection by entering the user account as ' or 1=1 # and we've logged in as the administrative user. There's a slightly more advanced version of the gym…
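Why that input logs in as the administrator, and how a parameterized query closes the hole, shown as an added example that is not code from the course or from the gym application. The table layout and sample accounts are constructed assumptions, and SQLite stands in for MySQL, so its `--` comment replaces the `#` used in the transcript.

```python
import hashlib
import sqlite3

DEMO_SALT = b"constructed-demo-salt"  # fixed for the demo; use a random per-user salt in practice


def digest(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 50_000).hex()


def make_db():
    """Constructed sample data; the table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw TEXT, role TEXT)")
    db.executemany(
        "INSERT INTO users (name, pw, role) VALUES (?, ?, ?)",
        [("admin", digest("constructed-admin-pw"), "admin"),
         ("member1", digest("constructed-member-pw"), "member")],
    )
    return db


def login_vulnerable(db, user, password):
    # The input is pasted into the SQL text, so a quote in `user` closes the
    # string literal and the rest of the input is parsed as SQL.
    sql = ("SELECT name, role FROM users WHERE name = '" + user +
           "' AND pw = '" + digest(password) + "'")
    # "or 1=1" matches every row and the comment drops the password test;
    # the application then trusts the first row returned, here the admin.
    return db.execute(sql).fetchone()


def login_safe(db, user, password):
    # Placeholders send the values separately from the SQL text, so the
    # input is only ever compared as data.
    sql = "SELECT name, role FROM users WHERE name = ? AND pw = ?"
    return db.execute(sql, (user, digest(password))).fetchone()


# The transcript's input, with SQLite's "--" comment in place of MySQL's "#".
PAYLOAD = "' or 1=1 -- "

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, PAYLOAD, "anything"))
    print("safe:      ", login_safe(db, PAYLOAD, "anything"))
```
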