.htaccess web shells (how-to and download)

Here is an interesting approach during a pentest: .htaccess shells. Simply upload the preferred shell as a .htaccess file and then visit the .htaccess file via the URL http://domain/path/.htaccess?c=command for remote code execution. Source:...


Joomla 1.6.0 SQLi and RFI

First (works on 1.6.0): A vulnerability discovered by Aung Khant allows for exploitable SQL injection attacks against a Joomla 1.6.0 install. This exploit attempts to leverage the SQL injection to extract admin...
