Database Hack via Open Directory
Sep 17, 2020
Hello Hunter, I am going to share a vulnerability which I found in just 5 minutes. I cannot disclose the website name, so I will refer to it as Target.com.
Let's start…
While doing recon, I found an open directory.
Wait… 😯 zip files 🙄😲 I immediately downloaded all the zip files and explored each zip one by one, and found the ‘db_connection.php’ file.
If you are a developer, then you will know the ‘db_connection.php’ file.
Let me explain the ‘db_connection.php’ file.
Developers assign the servername, username, and password of the website database in this file.
Log in with the credentials that we found in ‘db_connection.php’.
BOOOM, I’m in the database.
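A defender-side check for the exposure described in this write-up, as an added example that is not part of the original post: it walks a web root, opens every zip archive left there, and reports archive members that contain hard-coded database connection settings (key names only, never the values). The variable-name pattern, the `audit_webroot` and `build_sample` helpers, and the sample backup are assumptions constructed for illustration.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Assumption: PHP-style assignments such as $password = "..."; the variable
# names matched here are common conventions, not taken from the original page.
CRED_RE = re.compile(
    rb"""\$(?:db_?)?(servername|host|username|user|password|pass)\s*=\s*['"][^'"]+['"]""",
    re.IGNORECASE,
)
SOURCE_EXT = (".php", ".inc", ".env", ".ini")


def audit_webroot(webroot):
    """Return (archive, member, credential_keys) for every archive member
    under the web root that contains hard-coded connection settings."""
    findings = []
    for archive in sorted(Path(webroot).rglob("*.zip")):
        try:
            with zipfile.ZipFile(archive) as zf:
                for info in zf.infolist():
                    if info.is_dir() or not info.filename.lower().endswith(SOURCE_EXT):
                        continue
                    if info.file_size > 1_000_000:  # skip oversized members
                        continue
                    keys = sorted({m.group(1).decode().lower()
                                   for m in CRED_RE.finditer(zf.read(info))})
                    if keys:
                        findings.append((archive.name, info.filename, keys))
        except zipfile.BadZipFile:
            findings.append((archive.name, None, ["unreadable archive"]))
    return findings


def build_sample(webroot):
    """Constructed sample: a backup zip left inside a served directory."""
    php = b'<?php\n$servername = "localhost";\n$username = "app";\n$password = "EXAMPLE-ONLY";\n'
    with zipfile.ZipFile(Path(webroot) / "site_backup.zip", "w") as zf:
        zf.writestr("includes/db_connection.php", php)
        zf.writestr("index.php", b"<?php echo 'hello';\n")
    (Path(webroot) / "broken.zip").write_bytes(b"not a zip")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for archive, member, keys in audit_webroot(root):
            print(f"{archive}: {member} -> {', '.join(keys)}")
```

Any finding means the archive should be moved out of the served tree and the listed credentials rotated, since they must be treated as already disclosed.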