H2 - Java SQL database
Last updated
Last updated
Learn & practice AWS Hacking: Learn & practice GCP Hacking:
You can indicate a non-existent name a of database in order to create a new database without valid credentials (unauthenticated):
Or if you know that for example a mysql is running and you know the database name and the credentials for that database, you can just access it:
Trick from box Hawk of HTB.
Official page:
Having access to communicate with the H2 database check this exploit to get RCE on it:
In a payload is explained to get RCE via a H2 database abusing a SQL Injection.
Learn & practice AWS Hacking: Learn & practice GCP Hacking:
Check the !
Join the 💬 or the or follow us on Twitter 🐦 .
Share hacking tricks by submitting PRs to the and github repos.