Pentesting Webserver Dead End (MySQL White Listing Bypass)

Information Security Asked by Cromwell Rosalin on October 25, 2020

I am currently pentesting a webserver running MySQL, managed to obtain its db configuration (w/ login credentials) but the hostname is in a Local Area Network. The server has white listing enabled, so i cannot login remotely.

Is there anyway to bypass the servers MySQL whitelisting?

“ERROR 1130 (HY000: Host ‘XX.XX.XXX.XXX’ is not allowed to connect to this MySQL Server”

ip mysql penetration test whitelist

One Answer

By default MySQL does not allow remote clients to connect. If you find phpMyAdmin installed on the server then you should be able to gain access since the connection through phpMyAdmin is 'local'.

Answered by Anonymous on October 25, 2020

Add your own answers!

Ask a Question

Get help from others!

Recent Answers

haakon.io on Why fry rice before boiling?
Joshua Engel on Why fry rice before boiling?
Jon Church on Why fry rice before boiling?
Lex on Does Google Analytics track 404 page responses as valid page views?
Peter Machado on Why fry rice before boiling?

Recent Questions

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP