SQL INJECTION
OFFSEC - Proving Grounds - HAWAT
·1702 words·8 mins
OFFSEC PG PRACTICE
SQL INJECTION
Nextcloud runs on port 50080 with weak credentials and has a ZIP file with SQL-vulnerable application code. Abusing the SQL injection we get initial access as the root user.