After finding a sql injection vulnerability I need to provide the more information I can about the DB. Minimum I need to provide a list of users and passwords.
I identified that it's a MySQL but checking information_schema.schemata I notice there are just two databases: information_schema and abc (the one created for the problem).
mysql is missing, so from where can I get the list of users and passwords? As mysql.user is unavailable.
Aucun commentaire:
Enregistrer un commentaire