i recently found an sql injection vulnerability on a server,
In the db, there's a table named users and inside there's the username: admin and password : *******
Is knowing this password enough to hack the server ?
Jump to Post
Wether you can connect to the mysql server depends on the combination of username, password and host entry in the mysql.user table. This table is not in your production database, but in a system database named mysql. If username and password match and the server from which the intruder operates …
All 3 Replies
Be a part of the DaniWeb community
We're a friendly, industry-focused community of 1.21 million developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.