✈️Ascension
We first discover a web page on port 80:
We discover some possible users:
On the "book flight" page we quickly discover the following input that seems vulnerable to SQLi:
We are able to trigger the following error with a simple 'OR 1=1-- -
So maybe we can retrieve some information this way. We follow the path of the SQLI and try to use UNION
With the following payload, we are able to retrieve the table names:
So we found the column names for proxies:
So could this mean that a user called svc_dev can run a cmd and PowerShell? From this information, we could imagine that we need to obtain a shell by executing a PowerShell script via an SQL request?
Last updated