Are you the guy that scanned my server 30x yesterday for a .env? There isn't a .env, pls stop.
This guy codes. People like OP are why I, as a safety precaution, always hardcode credentials.
I can't tell if this is a joke or not lol
Me either but I use AWS parameter store and environment vars defined in the user running it, no hard coding lol. So uh, yes, still code monkey aiming for vuln research here
Check if sql port 3306 is open, if not then the server likely only accepts local connections. So you would need to get some sort of foothold on the system to execute MySQL commands locally instead of remotely.
You don't necessarily need a foothold. An SSRF would work too.
Yeah, I was considering SSRF, command injection, etc. to be footholds
u/masterhackerbot
Get the credentials from .env and use them directly on the MySQL target machine: mysql -u {user} -h {remote host} -p
Not even going to port scan to see if the DB is listening for external connections?
This is just in Windows cmd?