Subdomain

  • Published on
    Boolean-based SQL injection, which gives access to a database, then we authenticated file fuzz leading to bypassing .htaccess in apache which gives RCE. Once foothold from RCE was obtained, we pivot as mark, find a local hosted web server, and exploit npm to root.