Scanning-dirb
- CGI is a common standard for web applications to interact with command-line executables; hence, CGI scripts were the most vulnerable to the Shellshock attack.
- Exploitation: use *apache_mod_cgi_bash_env_exec*.
SQL injection
- The semicolon (;) metacharacter in a SQL statement is used similarly to how it's used in command injection: to combine multiple queries on the same line.
- One of the most useful SQL statements is UNION, which combines the results of two statements into one set. It can also query data from other tables in the database. The only constraint of using the UNION statement is that the number of columns and the data types in both queries should be the same:
SELECT id, rackname, value FROM inventory WHERE id=10 UNION SELECT SSN, name, address FROM employees
- **If the table that you want to query does not have the same number of columns,have to us
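
The UNION statement from these notes, run against a constructed in-memory SQLite database. This is an added example, not code from the original notes. It passes the same request value to a concatenated query and to a parameterized one. The function names, the sample rows and the choice of SQLite are assumptions made for illustration.

```python
import sqlite3

# Request value taken from the tail of the page's UNION statement.
PAGE_VALUE = "10 UNION SELECT SSN,name,address FROM employees"


def build_db():
    """In-memory database with constructed sample rows (not real data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE inventory (id INTEGER, rackname TEXT, value TEXT);
        CREATE TABLE employees (SSN TEXT, name TEXT, address TEXT);
        INSERT INTO inventory VALUES (10, 'rack-a', '4200');
        INSERT INTO employees VALUES ('000-00-0000', 'Sample Person', '1 Example St');
    """)
    return db


def lookup_concat(db, item_id):
    """Vulnerable form: the request value becomes part of the SQL text,
    so SQL keywords inside it are parsed as part of the statement."""
    sql = "SELECT id,rackname,value FROM inventory WHERE id=" + item_id
    return db.execute(sql).fetchall()


def lookup_bound(db, item_id):
    """Hardened form: the value is bound as a parameter and is only ever
    compared against the id column as data, never parsed as SQL."""
    sql = "SELECT id,rackname,value FROM inventory WHERE id=?"
    return db.execute(sql, (item_id,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    # Concatenation: the employees row is merged into the inventory result.
    print("concatenated:", lookup_concat(db, PAGE_VALUE))
    # Binding: the whole string is compared to id and matches nothing.
    print("bound:       ", lookup_bound(db, PAGE_VALUE))
    # A legitimate value returns the same row through either function.
    print("bound, id=10:", lookup_bound(db, "10"))
```
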
Kali Web Penetration Testing Notes (6)