Hello guys, b0und4ry back as t0rb0y
little backstory: i made the last 2 things about the sql injection
the admin was a good guy and fixed the sql injection (not entirely), but little bobby tables still work (shame on you admin, again)
so santa brought 1 more exploit, and I succesfully guessed the password to the admin account, delete my session admin
as always watch jesus at: https://bence.lol/ow/m0ist.mp4
and some post messages
i guessed the database phpmyadmin password too, he changed it as soon as i told him he changed it twice and still guessed it now im just too bored to run hydra to bruteforce
and again THANK YOU [INSERT THAT TEACHERS NAME] FOR THE WONDERFUL UNFAIR CLASSES who will do a témazáró on the start of the next year (2024)
and found most of the kréta passwords
if you have any question
email: trby@bence.lol
phone: +13024499595
github: kcbence
Thank You Admin For This Experience
see you all later, in a few months
bye