Oracle is a registered trademark of Oracle Corporation and/or its affiliates. You can turn off this feature to get a quicker startup with -A Reading table information for completion of table and column names Mysql: Using a password on the command line interface can be insecure. That means it’s likely querying the database with something mysql -u admin -pkEjdbRigfBHUREiNSDs admin While ' or '1'='1 doesn’t work, ' or 1=1- does. I tried a handful of SQL injection payloads. When I guess admin/admin, it returns an error about my username or password, so no user enumeration here: Shell as www-data SQLi Bypass Login The site just presents a login form and an advertisement (something I hadn’t seen in HTB before; it seems to be real). If I can find a way to leak that (perhaps an LFI), I’ll come back to give this a try.