Scribd
Upload
14 views1 page

Nmap - p-132.145.13.96,: Solution

Uploaded by

Jean Claude Eblin
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
14 views1 page

Nmap - p-132.145.13.96,: Solution

Uploaded by

Jean Claude Eblin
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 1

Solution:

1/ Enumeration

Scan the target server with the command nmap -p-


132.145.13.96, you will see that the port 8080 is open
and hosting a web application. Upon visiting the web
page you realize it's an online shop with a search
functionality.

2/ Exploitation SQL Injection

Every time we see a search field, we should consider


injection attack, here the first thing that comes up to
mind is a backend using a database to fetch products
information.

MySql is a prominent DBMS and uses SQL as query


language, so we can try entering an ' to see how the web
app would react and then try out with different payloads
from https://github.com/swisskyrepo/PayloadsAllTheThings

To try to dump the whole DB, we can enter the payload '
OR 1=1 --

This would give you all the jewels!

You might also like