I was wondering what are the methods you can use to gain access to a website’s database as a Web App Pen tester?
Here are three methods I use:
- shell upload via upload file vunurability(burp suite)
- bruteforcing phpmyadmin login of the website
- mysql injection via mysqlmap
Please any other suggestions will be helpful to the community, thanks.