by Davide Tampellini

Description: We know SQL injections are bad, very bad: once you find them, you can exfiltrate the whole contents of the database.
But they could result in a full server compromise? Yes, they can.
In this live session we will try to attack a vulnerable application and get an interactive shell.
Then we will escalate our local user to root, getting the full control of the server.