First, I found my subdomain using the Amass tool.
After that, I used the ffuf tool to brute force the directories, and I found an improper access control: https://subdomain.xxx.com/phppgadmin
There was a page that required submitting credentials: a user and password.
I tried some combinations of user/password with googling, and thanks to Google I found it. And you know? I was IN.
Now I had FULL access to their database; I got all the passwords and usernames: the admin password and other users' passwords. That was awesome.
But I never tried to crack any passwords. I tried to get a reverse shell.
Note: I will not mention the companies, for reasons of privacy and confidentiality.
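
From the defender's side, the sequence described above (a directory brute force that ends on an exposed phpPgAdmin login) leaves a recognizable trail in web server access logs. The following is an added example, not part of the original write-up: the log lines are constructed, and the watch list, thresholds and function name are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in combined log format (not taken from the write-up).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /admin HTTP/1.1" 404 153 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /backup HTTP/1.1" 404 153 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /config HTTP/1.1" 404 153 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /test HTTP/1.1" 404 153 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /old HTTP/1.1" 404 153 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /phpmyadmin HTTP/1.1" 404 153 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "GET /phppgadmin/ HTTP/1.1" 200 4821 "-" "-"
198.51.100.20 - - [10/Mar/2024:10:01:10 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:10:01:15 +0000] "GET /about HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:10:01:30 +0000] "GET /contact HTTP/1.1" 200 1980 "-" "Mozilla/5.0"
"""

# client IP, method, path, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Assumed watch list of database admin panels that should never answer publicly.
ADMIN_PATHS = ("/phppgadmin", "/phpmyadmin", "/adminer")


def find_scanners(log_text, min_paths=5, min_404_ratio=0.8):
    """Return {ip: [admin paths that answered 2xx/3xx]} for clients whose
    traffic looks like directory brute forcing (many distinct paths, mostly 404)."""
    seen = defaultdict(lambda: {"paths": set(), "total": 0, "not_found": 0, "hits": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _method, path, status = m.groups()
        s = seen[ip]
        s["paths"].add(path)
        s["total"] += 1
        if status == "404":
            s["not_found"] += 1
        elif status[0] in "23" and path.lower().startswith(ADMIN_PATHS):
            s["hits"].append(path)  # the scan found a reachable admin panel
    return {
        ip: s["hits"]
        for ip, s in seen.items()
        if len(s["paths"]) >= min_paths and s["not_found"] / s["total"] >= min_404_ratio
    }


if __name__ == "__main__":
    for ip, hits in find_scanners(SAMPLE_LOG).items():
        print(f"{ip}: brute-force pattern, reachable admin paths: {hits or 'none'}")
```

A flagged client with a non-empty list means the scan ended on a panel that answered, which is the point at which the panel should be taken off the public interface and its credentials rotated.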
A SQL Injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. …