# SQL Injection
2 posts
HTB Connected: From Unauthenticated SQLi to Root via FreePBX, incron & Sudoers Hijack
An unauthenticated SQL injection in FreePBX 16.x (CVE-2025-57819) allows credential extraction and password-hash replacement, leading to admin access. Shell injection via POST_RELOAD then provides RCE as the asterisk user. A world-writable incron trigger file and a writable module directory enable a sudoers hijack for root.
Trick — DNS Zone Transfer to Fail2Ban Privilege Escalation
A multi-stage attack chain combining DNS Zone Transfer, SQL Injection, FILE privilege abuse, LFI, SSH key theft, and a Fail2Ban misconfiguration to obtain root access.
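Both posts above hinge on the same primitive: untrusted input concatenated into a SQL string, which lets an attacker append a UNION to pull password hashes (the credential-extraction step) or short-circuit a WHERE clause. The following is an added, generic illustration written for this index, not code from either post and not FreePBX code; it uses an in-memory SQLite table with constructed dummy rows and hash strings so it runs offline, and shows the vulnerable string-formatted query next to its parameterized replacement.

```python
import sqlite3

# Constructed sample data: the hash strings are placeholders, not real bcrypt output.
SAMPLE_USERS = [
    ("admin", "$2b$12$adminhash"),
    ("alice", "$2b$12$alicehash"),
]

# Attacker-supplied username values (hypothetical payloads for the demo).
UNION_PAYLOAD = "x' UNION SELECT id, password_hash FROM users--"
BYPASS_PAYLOAD = "x' OR '1'='1"


def make_db():
    """Create an in-memory users table populated with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)", SAMPLE_USERS
    )
    conn.commit()
    return conn


def vulnerable_lookup(conn, username):
    """Deliberately vulnerable: the username is spliced into the SQL text.

    A UNION payload changes the second column from username to password_hash,
    and a tautology payload makes the WHERE clause match every row.
    """
    query = f"SELECT id, username FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def safe_lookup(conn, username):
    """Hardened form: the value travels as a bound parameter, never as SQL text.

    The same payloads are treated as literal (non-matching) usernames.
    """
    return conn.execute(
        "SELECT id, username FROM users WHERE username = ?", (username,)
    ).fetchall()


def extracted_hashes(conn):
    """Return the password hashes an attacker recovers via the UNION payload, sorted."""
    return sorted(row[1] for row in vulnerable_lookup(conn, UNION_PAYLOAD))


if __name__ == "__main__":
    db = make_db()
    print("normal lookup:   ", vulnerable_lookup(db, "alice"))
    print("hashes leaked:   ", extracted_hashes(db))
    print("all rows matched:", vulnerable_lookup(db, BYPASS_PAYLOAD))
    print("safe, same input:", safe_lookup(db, UNION_PAYLOAD))
```

The trailing `--` in the UNION payload comments out the closing quote the application appends, which is why the injected statement parses cleanly; the parameterized version never interprets the quote or the comment as SQL.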