Hacking SQL Injection for Remote Code Execution on a LAMP stack

Presented at DEF CON 23 (2015), Aug. 7, 2015, 2 p.m. (60 minutes).

Remember that web application you wrote when you where first learning PHP? Ever wonder how vulnerable that code base is? Through the perspective of an attacker you will see how SQL injection can lead to data loss and system compromise. This presentation will take you through the techniques and tools used to take control of a PHP web application starting from an injection point moving to PHP web shells, and ending with a Linux wildcard attack.


Presenters:

  • Nemus - Software Engineer
    Nemus works as a software engineer in the payment industry developing software that transfers money between banking systems. He is a founding member of 801 Labs, a hackerspace located in Salt Lake City, and is an active member of his local DEF CON group DC801. Nemus has a BS in Computer Science and is a certified GIAC Web Application Penetration Tester (GWAPT). Twitter: @Nemus801

Links:

Similar Presentations: