Direct access to databases is usually a privilege of DBAs and not end-users. Nonetheless, end-users have to access DBs in certain situations like generating sales reports, making ad-hoc queries, exporting data into spreadsheets and so on. From the security perspective, this is clearly not ideal, as a typical application was never designed to be utilised this way. Instead of saying ‘no’ to […]
We had an XSS vulnerability, we created a fake login page, we stole the WordPress admin’s credentials, now what? Over the following pages, I am going to walk you through the complete data exfiltration process. We are going to get shell access to the OS, dump the databases and configure the compromised WordPress server as a pivot for launching further attacks.