How to leverage search results to exfiltrate database information using a blind SQL injection.
In this post we will see how you can bypass upload filters in Joomla and deliver a payload to steal victim session token.
With a little of effort, it's possible to trick a Super User to visit a malicious page and force him to create a new Super User for us.
On April 18th 2018, a Remote Command Execution vulnerability has been discosled in Oracle Weblogic Server.
At the time of this writing, there are a couple of Proof Of Concept out there, let's see how we can improve them and pop a remote shell an the victim machine.
Finding a SQL injection is always a joy: it's one of the most trivial vulnerability to exploit and it's very easy to provide a valid POC. However this time I was having some troubles to find a valid proof: the remote server was simply dropping the connection with a 500 error.
To complete the task I had to think about the box and take a look at the big picture.
15% concentrated power of will
And a 100% reason to remember the name