sqlpad.sightless.htb


The virtual host / sub-domain sqlpad.sightless.htb has been identified on the web server on the target port 80.

The request is redirected to /queries/new. It’s SQLPad.

SQLPad is an open-source web-based SQL editor designed for running queries and visualizing results, ideal for collaborative data exploration. It supports multiple database connections, query scheduling, and result sharing, making it useful for teams. With features like charting, CSV downloads, and role-based access, it simplifies SQL analysis without needing a full data warehouse solution.

Version


The version information can be checked through the About button.

Vulnerability


Looking online for known vulnerabilities, the target SQLPad instance appears to suffer from a Template Injection vulnerability leading to Remote Code Execution: [CVE-2022-0944](https://nvd.nist.gov/vuln/detail/CVE-2022-0944).