Author: Jeremy Druin
Description: Using somewhat advanced SQL injection, we inject a new PHP file into the web root of the PHP server using and SQL injection vulnearbility in Mutillidae. The injection is a command shell written in PHP that give root access to the operating system.
Mutillidae is a free web application which is vulnerable on purpose to give a training envoronment for pen testers, security enthusiasts, universities, and as a target for evaluating vulnerability assessment tools. Updates about Mutillidae are announced on Twitter at @webpwnized. Mutillidae can be downloaded from Sourceforge. Thank you for watching. Please support this channel. Up vote, subscribe or even donate by clicking “Support” at https://www.youtube.com/user/webpwnized!
The webpwnized YouTube channel is dedicated to information security, security testing and ethical hacking. There is an emphasis on web application security but many other topics are covers. Some of these include forensics, network security, security testing tools and security testing processes. The channel provides videos to encourage software developers and system administrators to perform security testing. Also, the channel educates the next generation of security testers and bug bounty hunters who want to respectfully, legally and ethically help system owners that allow security testing.