Validation

  1. Enumeration using rustscan.

  2. Sending the request to Burp Suite and adding ' .

Result:

We can see an error, so the website is probably vulnerable to SQLi.


  3. Injection:

Checking whether it works:

Great, it fully works.


  4. Now we have to get a shell:

We are inside 👏

First flag 🎉


  5. Getting root.

We can find a password in config.php; this is the password for the root account.

Second flag:
