🔐 Lab 9.2 – Exploiting Gloin

Target: gloin.shire.org
Objective: Exploit vulnerabilities to gain unauthorized access, enumerate sensitive data, and understand mitigation strategies.

---

📌 Overview

This project focuses on exploiting a vulnerable web application using SQL Injection (SQLi) techniques against an SQLite back end. The goal was to bypass authentication, enumerate database tables, extract credentials, and explore potential privilege escalation paths.

---

🖥️ Target Information

• Target IP: 10.0.5.31
• Open Ports:
  • 80/tcp – HTTP (Web Application)
  • 443/tcp – HTTPS

Identified via:

nmap -sV 10.0.5.31

---

🕳️ Discovered Vulnerability

• Type: SQL Injection (Authentication Bypass + Data Extraction)
• Injection Point: