“How a chain of multiple hacks leads me to database compromise”

where I simply tried directory traversal attack (../../../../etc/passwd) and to all my luck, files had the maximum permission given (a common mistake :/) and I was able to read /etc/passwd content and various other juicy files —

Not sure what the highlighted part means. Are you suggesting that /etc/passwd shouldn’t be world-readable?

