Hacking SQL Injection for Remote Code Execution on a LAMP Stack

Cite

DEF CON

Buttars, Lance (Nemus)

Formal Metadata

Title

Hacking SQL Injection for Remote Code Execution on a LAMP Stack

Title of Series

DEF CON 23

Number of Parts

109

Author

Buttars, Lance (Nemus)

License

CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/36405 (DOI)

Publisher

DEF CON

Release Date

2015

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

Remember that web application you wrote when you where first learning PHP? Ever wonder how vulnerable that code base is? Through the perspective of an attacker you will see how SQL injection can lead to data loss and system compromise. This presentation will take you through the techniques and tools used to take control of a PHP web application starting from an injection point moving to PHP web shells, and ending with a Linux wildcard attack. Speaker Bio: Nemus works as a software engineer in the payment industry developing software that transfers money between banking systems. He is a founding member of 801 Labs, a hackerspace located in Salt Lake City, and is an active member of his local DEF CON group DC801. Nemus has a BS in Computer Science and is a certified GIAC Web Application Penetration Tester (GWAPT). Twitter: @Nemus801