WebRaider

Category: Web Security Readings - Fri, 11 Apr 2014 - by Robert Abela

One Click Ownage

Idea of this attack is very simple. Getting a reverse shell from an SQL Injection with one request without using an extra channel such as TFTP, FTP to upload the initial payload.

  • It's only one request therefore faster,
  • Simple, you don't need a tool you can do it manually by using your browser or a simple MITM proxy,
  • just copy paste the payload,
  • CSRF(able), It's possible to craft a link and carry out a CSRF attack that will give you a reverse shell
  • It's not fixed, you can change the payload,
  • It's short, Generally not more than 3.500 characters,
  • Doesn't require any application on the target system like FTP, TFTP or debug.exe
  • Easy to automate.

Download One Click Ownage White Paper

Presentation

Download WebRaider Tool

WebRaider written for fun as a weekend project by Ferruh Mavituna and Mesut Timur, it’s a PoC tool, code is messy and expect many bugs. You’ve been warned :)

WebRaider


Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

DOWNLOAD DEMO TRY ONLINE SCAN