Category Archives: Website Application Security

Exploiting unlinked content using DirBuster, PHP Include() and getting Remote Command Execution (RCE)

This is a real-world example: using DirBuster we were able to discover an unlinked file named sugar.php. Requesting the “sugar.php” resource returned the PHP error message “Error: include(): Filename cannot be empty in”. The valid parameter name “display=” was found using a custom parameter brute-forcing script. The…


SQL INJECTION-Step By Step


Website Hacking – SQL Injections – Sqlmap Introduction Howto


Step-by-Step SQL Injection Attack Video


SQL Injection Attacks Explained Video
