Exploitation
Last updated
Last updated
After bypassing the proxy we gained access to a phpMyAdmin page with a empy password for the user root.
The page provided us with the perfect combination of things, phpmyinfo which would give us the directory names and locations in case we need to write into those files and a phpmyadmin that we can access.
This guide allowed me to get a shell on phpmyadmin.
So we basically create a new table and we run a sql query like this one.
The reason I chose that directory as I stated before was because I was able to see directory that the webserver was being hosted at. Alsoooo now i think I understand why the SQLi in Medjed worked the way it did because i see what the sqlquery in this case is doing as well.