hacktricks/network-services-pentesting/pentesting-web/h2-java-sql-database.md
2022-08-16 09:29:34 +00:00

H2 - Java SQL database

Support HackTricks and get benefits!

Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? Or do you want to have access to the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!

Discover The PEASS Family, our collection of exclusive NFTs

Get the official PEASS & HackTricks swag

Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦@carlospolopm.

Share your hacking tricks by submitting PRs to the hacktricks github repo.

Official page: https://www.h2database.com/html/main.html

Tricks

You can specify a non-existent database name in order to create a new database without valid credentials (unauthenticated):

Or, if you know that, for example, a MySQL server is running and you know the database name and the credentials for that database, you can access it directly:

These tricks come from the HTB box Hawk.
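
To check whether a host is configured in a way that permits the database-creation trick above, the following added example (not part of the original page) audits an H2 server properties file and launch command for the settings that expose the console or allow databases to be created on connect. The flag and property names are H2's and Spring Boot's own options; the sample file content and command line are constructed.

```python
import re
import shlex

# H2 Server tool flags and properties worth flagging on a host running H2.
RISKY_FLAGS = {
    "-ifNotExists": "a database is created when a client connects to a name that does not exist",
    "-webAllowOthers": "web console accepts connections from other hosts",
    "-tcpAllowOthers": "TCP server accepts connections from other hosts",
}
RISKY_PROPS = {
    "webAllowOthers": "web console accepts connections from other hosts",
    "spring.h2.console.settings.web-allow-others": "web console accepts connections from other hosts",
}

def parse_properties(text):
    """Parse Java .properties text: key=value or key:value, '#' and '!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        props[parts[0]] = parts[1] if len(parts) == 2 else ""
    return props

def audit_h2(properties_text="", server_cmdline=""):
    """Return (setting, reason) pairs for every risky setting that is switched on."""
    findings = []
    for key, value in parse_properties(properties_text).items():
        if key in RISKY_PROPS and value.strip().lower() == "true":
            findings.append((key, RISKY_PROPS[key]))
    for arg in shlex.split(server_cmdline):
        if arg in RISKY_FLAGS:
            findings.append((arg, RISKY_FLAGS[arg]))
    return findings

# Constructed sample input: a .h2.server.properties file and a launch command.
SAMPLE_PROPS = """#H2 Server Properties
webAllowOthers=true
webPort=8082
webSSL=false
"""
SAMPLE_CMD = "java -cp h2.jar org.h2.tools.Server -web -webAllowOthers -ifNotExists"

if __name__ == "__main__":
    for setting, reason in audit_h2(SAMPLE_PROPS, SAMPLE_CMD):
        print(f"[!] {setting}: {reason}")
```

An empty result means none of these switches is set in the inputs given; it does not cover embedded JDBC URLs inside application code.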

Unauthenticated RCE

You can find the exploit here: https://gist.github.com/h4ckninja/22b8e2d2f4c29e94121718a43ba97eed
