From SQL Injection to Shell II
This exercise explains how you can, from a blind SQL injection, gain access to the administration console. Then once in the administration console, how you can run commands on the system.
The ISO for this exercise can be downloaded by clicking here (170MB).
You can access the course for this exercise by clicking here