Day 3
Jörn Schneeweisz
© 2018
Q: What is an exploit?
Sometimes an exploit is as easy as:
Advantage of most exploits against managed code:
Creation of working PoC exploits
Practical exercises
Final practical exercises on real-world code bases
<?php
// include autoloader
require_once 'dompdf/autoload.inc.php';
// reference the Dompdf namespace
use Dompdf\Dompdf;
use Dompdf\Options;

if ($_POST['html']) {
    $options = new Options();
    // enables execution of embedded PHP in the rendered HTML
    $options->setIsPhpEnabled(true);
    // instantiate and use the dompdf class
    $dompdf = new Dompdf($options);
    // e.g.: user-supplied HTML is rendered directly
    $dompdf->loadHtml($_POST['html']);
    // (Optional) Setup the paper size and orientation
    //$dompdf->setPaper('A3', 'landscape');
    // Render the HTML as PDF
    $dompdf->render();
    // Output the generated PDF to Browser
    $dompdf->stream('pdfservice');
}
?>
mysql> SELECT 123 FROM dual WHERE 1=1;
+-----+
| 123 |
+-----+
| 123 |
+-----+
1 row in set (0.00 sec)
mysql> SELECT 123 FROM dual WHERE 1="1";
+-----+
| 123 |
+-----+
| 123 |
+-----+
1 row in set (0.00 sec)
mysql> SELECT 123 FROM dual WHERE 1="1somestring";
+-----+
| 123 |
+-----+
| 123 |
+-----+
1 row in set, 1 warning (0.00 sec)
mysql> SELECT 123 FROM dual WHERE 1="somestring";
Empty set, 1 warning (0.00 sec)
mysql> SELECT 123 FROM dual WHERE 0="somestring";
+-----+
| 123 |
+-----+
| 123 |
+-----+
1 row in set, 1 warning (0.00 sec)
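The session above shows MySQL's implicit string-to-number conversion in comparisons: "1somestring" compares equal to 1 and "somestring" compares equal to 0, each with a truncation warning. The following Python emulation is an added example, not part of the original slides; it assumes MySQL's rule of converting the longest numeric prefix of the string to a DOUBLE, and contrasts it with a strict integer check an application can apply before binding user input to an integer column.

```python
import re
from typing import Tuple

# Constructed emulation of MySQL's implicit string-to-number conversion for
# comparisons such as `WHERE int_col = 'user input'`. Assumption: MySQL takes
# the longest numeric prefix after leading whitespace, converts it to DOUBLE,
# and raises a "Truncated incorrect DOUBLE value" warning when the whole
# string was not consumed; a string with no numeric prefix becomes 0.
_NUM_PREFIX = re.compile(r"[+-]?(?:\d+\.?\d*|\.\d+)(?:[eE][+-]?\d+)?")


def mysql_string_to_double(s: str) -> Tuple[float, bool]:
    """Return (value, truncation_warning) as MySQL would when coercing `s`."""
    stripped = s.lstrip(" \t\n\r")
    m = _NUM_PREFIX.match(stripped)
    if m is None:
        return 0.0, True
    return float(m.group(0)), m.end() != len(stripped)


def int_equals_string(n: int, s: str) -> Tuple[bool, bool]:
    """Emulate `n = "s"` in a WHERE clause: (row matches, warning raised)."""
    value, warned = mysql_string_to_double(s)
    return float(n) == value, warned


def strict_int_param(s: str) -> int:
    """Hardened application-side check: accept only a pure integer literal
    before binding it to an integer column, so inputs like "1somestring" or
    "somestring" are rejected instead of silently matching rows whose column
    value happens to be 1 or 0."""
    if not re.fullmatch(r"[+-]?\d+", s):
        raise ValueError(f"not an integer: {s!r}")
    return int(s)


if __name__ == "__main__":
    # Reproduces the four comparisons from the MySQL session above.
    for lhs, rhs in [(1, "1"), (1, "1somestring"), (1, "somestring"), (0, "somestring")]:
        matches, warned = int_equals_string(lhs, rhs)
        print(f'{lhs} = "{rhs}" -> match={matches} warning={warned}')
```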