How I hacked into an Admin Portal of a Tech Company last night
The question is: why did I set out to hack this company's portal specifically?
So here’s the answer: in 2018 I hacked into the same company's portal, and after that they deployed a fix, and I was satisfied that the vulnerability was fixed.
“With time comes knowledge and with knowledge comes change.”
So I decided to browse that company's web portal again and see if I could break into it.
Web portal: https://www.site.com
Directory busting led me to the admin login URL, and I tried a few things, but no luck this time.
Admin URL: https://www.site.com/admin
Moving further, I decided to try time-based SQL injection.
I entered hello as the username and hello as the password in the admin login portal,
then intercepted the request with Burp Suite; it was a POST request.
I started fuzzing SQL commands on the username and password parameters,
and it started giving me results, and I was able to fetch the database from the web portal.
I reported it immediately to the company.
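
A defender-side view of the time-based probing described above, as an added example that is not part of the original post: it flags clients whose POSTs to the admin login are both numerous and repeatedly delayed well beyond the endpoint's median latency. The log format, the `/admin` path match, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import statistics
from collections import defaultdict

# Constructed sample access-log lines (not from the original post).
# Assumed format: ISO time, client IP, method, path, status, response seconds.
SAMPLE_LOG = """\
2024-01-10T21:58:40 203.0.113.5 GET /admin 200 0.05
2024-01-10T21:58:52 203.0.113.5 POST /admin 401 0.09
2024-01-10T21:59:03 203.0.113.5 POST /admin 302 0.11
2024-01-10T22:00:01 198.51.100.7 POST /admin 401 0.08
2024-01-10T22:00:02 198.51.100.7 POST /admin 401 5.07
2024-01-10T22:00:08 198.51.100.7 POST /admin 401 0.09
2024-01-10T22:00:09 198.51.100.7 POST /admin 401 5.10
2024-01-10T22:00:15 198.51.100.7 POST /admin 401 5.06
2024-01-10T22:00:21 198.51.100.7 POST /admin 401 0.07
2024-01-10T22:00:22 198.51.100.7 POST /admin 401 0.10
2024-01-10T22:00:23 198.51.100.7 POST /admin 401 5.09
2024-01-10T22:05:30 192.0.2.44 POST /admin 401 4.20
"""

def flag_timing_probes(log_text, path="/admin", min_requests=6,
                       min_slow=3, delay=3.0):
    """Return {ip: (login_posts, slow_posts)} for suspected timing probes.

    A client is flagged when it sent at least `min_requests` login POSTs and
    at least `min_slow` of them took `delay` seconds longer than the median
    latency of all login POSTs. All thresholds are assumed values to tune.
    """
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, ip, method, req_path, _status, secs = line.split()
        if method == "POST" and req_path == path:
            per_ip[ip].append(float(secs))
    if not per_ip:
        return {}
    # Baseline: median latency of the login endpoint across all clients.
    baseline = statistics.median(t for ts in per_ip.values() for t in ts)
    flagged = {}
    for ip, times in per_ip.items():
        slow = sum(1 for t in times if t - baseline >= delay)
        # One slow response (e.g. a busy database) is not enough to flag.
        if len(times) >= min_requests and slow >= min_slow:
            flagged[ip] = (len(times), slow)
    return flagged

if __name__ == "__main__":
    print(flag_timing_probes(SAMPLE_LOG))
```

The median baseline only holds while ordinary logins outnumber probe traffic in the window being analysed; on a rarely used admin endpoint, a fixed latency baseline is the safer assumption.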