33033
So we see that the usernames are given to us, and some of them give us a hint as to which is the right word for the password reset prompt.
To test for SQL injection I just typed '. This broke the application, and we were then able to get a shell through SQL injection. This was new to me; I have never thought about this before, but this technique is something I will note and use in the future.
Knowing this, using SQL injection we are able to get a shell using the following query.
Afterwards, I had to play with the ports to see where the file was being stored.