Hello mates,
I was wondering what are the methods you can use to gain access to a website’s database as a Web App Pen tester?
Here are three methods I use:
shell upload via upload file vunurability(burp suite)
bruteforcing phpmyadmin login of the website
mysql injection via mysqlmap
Please any other suggestions will be helpful to the community, thanks.
Well you could use a XSS (Cross Site Scripting) vulnerability. You could look at the website using a scanner like Netsparker. Or you could try something like this . You could also monitor and alter the websites cookies in order to break in. I hope you found this helpful and that you use this for legal purposes.