Pentester Lab: From SQL injection to Shell II

  • Name: Pentester Lab: From SQL injection to Shell II
  • Date release: 12 Jun 2013

Please remember that VulnHub is a free community resource so we are unable to check the machines that are provided to us. Before you download, please read our FAQs sections dealing with the dangers of running unknown VMs and our suggestions for "protecting yourself and your network. If you understand the risks, please download!


(Size: 170 MB)


(Size: 173 MB)




This exercise explains how you can, from a blind SQL injection, gain access to the administration console. Then in the administration console, how you can run commands on the system.

What you will learn?

Blind SQL injection exploitation using time-based exploitation Gaining code execution using a PHP webshell

  • Filename: from_sqli_to_shell_II_i386.iso
  • File size: 170 MB
  • MD5: 8434D28A36562B2A2F94B4753036DF7F
  • SHA1: 9013F8B035C751D29EE20A704F5E5B65C1856719

  • Filename: _from_sqli_to_shell_II.iso
  • File size: 173 MB
  • MD5: F39875AEBA47AC77EA0410E7BB1B5FA9
  • SHA1: EC0E52E0D75E645BD3526CB3E188ED5E94F16124

  • Format: Disk Image (.ISO)
  • Operating System: Linux

  • DHCP service: Enabled
  • IP address: Automatically assign