Sqli

Máquina sobre Broken Access Control, BOLA, SQL Injection e linux capabilities.

On the Paradize machine, we need to exploit an SQL injection to upload a webshell and explore a path hijacking vulnerability.

The application has the following vulnerabilities: endpoint enumeration via FUZZ, SQL Injection, remote command execution (RCE), and privilege escalation via Linux capabilities.

The Lion machine is vulnerable to SQL injection, allowing RCE through the upload of a webshell, and has privilege escalation via cron jobs.

Machine involving SQL Injection, code injection, and reversing (PE).