SQL Challenge 0x10 to RCE
SQL Injection :-
- Visit below link with query and you will see all column & tables of SQL database :-
- Now visit below query to check privileges :-
’root’@‘localhost’ -> YES confirms we have read/write permission on server .
- Lets read /e tc/passwd
- Let’s try to write files on /tmp/ dir using into outfile query :-
- Again use load_file to see if really the file was created on server :-
- This is enough to prove we can create files on server side . Now If a attacker can get the server root path then he can upload a web php shell to get access to the server and do whatever he want .
Using load_file I was able to read some really interesting files on server system what will be useful for various attacks :-
- I was able to read systems logs/configuration and many other files :-
Note :- This platform don’t allow to use the word /e tc/passwd so I have given a space in it . Remove it before testing .