One Click Ownage
Idea of this attack is very simple. Getting a reverse shell from an SQL Injection with one request without using an extra channel such as TFTP, FTP to upload the initial payload.
- It's only one request therefore faster,
- Simple, you don't need a tool you can do it manually by using your browser or a simple MITM proxy,
- just copy paste the payload,
- CSRF(able), It's possible to craft a link and carry out a CSRF attack that will give you a reverse shell
- It's not fixed, you can change the payload,
- It's short, Generally not more than 3.500 characters,
- Doesn't require any application on the target system like FTP, TFTP or debug.exe
- Easy to automate.
Download One Click Ownage White Paper
Download WebRaider Tool
WebRaider written for fun as a weekend project by Ferruh Mavituna and Mesut Timur, it’s a PoC tool, code is messy and expect many bugs. You’ve been warned :)