Porting a web-based exploit
The web-based exploits that we are going to cover here are based on web application attacks. The idea behind these exploits is to present Metasploit as a successful testing software for web applications too. In the upcoming section, we will see how we can make exploits for popular attack vectors such as SQL injections and so on. The motive here is to get familiar with web and HTTP functions in Metasploit and their corresponding library functions.
Dismantling the existing exploit
In this case study, we will be talking specifically about SQL injections. However, there are tons of other attack vectors that can be covered in Metasploit. Nevertheless, our motive here is just to get ourselves familiarized with HTTP libraries and their vectors.
The target in this scenario is a WordPress content management system, and we will exploit a SQL injection vulnerability in it using a vulnerable plugin, which is WordPress HD Web Player 1.1. This plugin is marked vulnerable to SQL...
