sql misconfiguration and privesc with path vulnerbility
![Image](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEYhwrv00dyF8zISAlp5iE00YqVIEXGKTCIXTEtts-tOOb-cKZLXoYAq359BQLXMqcuFYuUbKxEdmRX-z2d9nOdoc5lTxeKCAg8lYi9lx0L6k8XysNmYFwz0RdzlxJ4RIFSYbfGUvbE-3l_SyhQQ55KN5AJbm37MDBHw0ZxPY41s2DszQWdbZyrwFPn64W/w334-h141/Screenshot%202024-06-21%20140403.png)
sql misconfiguration and privesc with path vulnerability 1 nmap 10.10.134.21 -sV . -sV = Probe open ports to determine service/version info. 2 search ip in browser to show admin page. . qdPM 9.2 = show website version. 3 check version is exploitable or not. . version is exploitable. . check last line in exploit this link to install yml file link = http://<website>/core/config/databases.yml 4 Download yml file to see username name and password for mysql databse. 5 chek yml file. 6 enter mysql dabatse use username and password. # mysql -h 10.10.134.21 -u qdpmadmin -p . -h = host . -u = username. . -p = password 7 show mysql databses. # show databases; . to show all dabatbase in mysql. 8 go staff database and show tables. # use staff # show tables; . this colum to informatin about staff informatin 9 show user table data to information about usernames. # select * from user; . * = selcet all data. . To show all users. . and copy all user and make list for users. EX:- nano user.txt