Category: Web Security Readings - Last Updated: Sat, 27 Feb 2010 - by Ferruh Mavituna

One Click Ownage

Idea of this attack is very simple. Getting a reverse shell from an SQL Injection with one request without using an extra channel such as TFTP, FTP to upload the initial payload.

  • It's only one request therefore faster,
  • Simple, you don't need a tool you can do it manually by using your browser or a simple MITM proxy,
  • just copy paste the payload,
  • CSRF(able), It's possible to craft a link and carry out a CSRF attack that will give you a reverse shell
  • It's not fixed, you can change the payload,
  • It's short, Generally not more than 3.500 characters,
  • Doesn't require any application on the target system like FTP, TFTP or debug.exe
  • Easy to automate.

Download One Click Ownage White Paper


Download WebRaider Tool

WebRaider written for fun as a weekend project by Ferruh Mavituna and Mesut Timur, it's a PoC tool, code is messy and expect many bugs. You've been warned :)



Keep up with the latest web security
content with weekly updates.