SANS Penetration Testing: Daily Archives: Apr 04, 2013

Command Injection Tips: Leveraging Command-line Kung Fu with nslookup

[Editor's Note: Tom Heffron provides some really cool tips for leveraging nslookup in web app command-injection attacks. His ideas for using environment variables is pretty nifty, and his point about how to launch this so that it doesn't require an authoritative DNS server is great. -Ed.] When I took the recent SANS SEC 560 vLive … Continue reading Command Injection Tips: Leveraging Command-line Kung Fu with nslookup