Webapp-Exploit-Payloads is a collection of payloads for common webapps. For example Joomla and WordPress. From the hundreds of different Web Application Vulnerabilities that can be found on any website, only a smallpercentage gives the intruder a direct way for executing operating system commands. And if we keepdigging into that group we‟ll identify only one or two that under normal circumstances might give the intruderelevated privileges.

The basic problem solved by any payload is pretty simple: "I have access,what now?". In memory corruption exploits it's pretty easy to perform arbitrary tasks because after successfulexploitation the attacker is able to control the remote CPU and memory, which allow for execution of arbitraryoperating system calls. With this power it‟s possible to create a new user, run arbitrary commands or uploadfiles.

Web Application Payloads are small pieces of code that are run in the intruder‟s box, and then translated bythe Web Application exploit to a combination of GET and POST requests to be sent to the remote Web server

Subscribe Top Hacker Stories via email