Haystack

@luixtao said:

@el3ctr0 said:

Maybe it does look easy, but there is a lot of data that you get after executing _s****** on the higher port; it looks more like riddle solving, or I'm just on the wrong path…

Yeah, it is! I mean, I don’t think this pretends to be a “real world” example on how to pentest, cuz nobody saves credentials in that way.

Maybe not a super real world example using quotes, but I have seen this db used to index logs that contain request logs with param data that include passwords in clear text…