14Şub
Conducting a proof-of-concept attack on an open MySQL port
I am not very experienced nor do I have acceptable knowledge, that is why I have signed up to work on a small project to gain some experience, where they don't seem to care about security much.
After running a scan, I noticed that they have many unnecessary open ports (including MySQL server: 3306) and are horrifically vulnerable.
I want to somehow show them that what they think is a passive thing is a great way of exploiting their system, but I am not looking to run a full penetration or Thread Emulation test, since I am not that experienced to go through these.
Is there any way to access their database without causing them harm, just to notify them about the situation?
