Skill Assessment

First I can see a login, try to sqli basic -->

admin' or 1=1-- -

Then, i can see search panel and info of names, i test if this field is vulnerable:

It is vulnerable, true. Now i try to connect to unions select -->

Nice try daddy, now i list the secure_file_priv, to view if this field is vulnerable:

Now, i try to upload a webshell -->

No problem, i will try display the bbdd and password of admin to login and do it upload

List all bbdd, and see ilfreight and backup, nice. I see with database(), what ddbb is using this webapp:

NICE, now list all tables, columns and info -->

Now we can see all content off this columns -->

adam : 1be9f5d3a82847b8acca40544f953515

Try to login again into the login... but...

NO SURRENDER! I will try to enum the backup bbdd

Now, i list the columns:

To the end, i display all data of this comuns -->

admin : Inl@n3_fre1gh7_adm!n

NOW YEAAAHHH, but... it is the same user i have... sooooo.

There are something i am doing bad... The above responde message is: Permsion Denied... Yeah... but... the query is it:

"Cant create to file in /var/www/html", but... i am in /dashboad/dasboard.php, try it -->

NOTHING ERROR!! Search the file

HOLY SH1T!! I NEED SLEEP

PreviousWriting FilesNextSQLMap Essentials

Last updated