Hey guys, It’s me Krishnadev P Melevila Again!! I am a self-made cyber enthusiast and Web application pentester.
Here, now I am writing about a local news website, I came to know about this site through an Instagram story of a social media influencer, I saw that his article was posted on that site so suddenly from somewhere a thought came to my mind! — Let’s hack and add my article by myself on the site.
So I just opened the site and check for the vulnerabilities, As soon as I checked, I found a login page. But I was 100% sure that it was not an admin login panel and it is just a frontend login.
But that frontend login was SQL Injection vulnerable and I just opened the burp suite and copied that POST request and exploited it in sqlmap. Yahoo!! I got the complete database.
But all the passwords are hashed! I don't like decrypting hashes!
But wait!!!! I found an interesting matter. Many of the hashes on there are the
Read the article