Thinking to expose your service that fetches content from some user given MySQL server? Think again. You may expose the client to LFI vulnerability via MySQL client feature. Recently I found a public webpage that was used to connect to a remote MySQL database, from a bug bounty program. User was able to input server … Continue reading Abusing MySQL clients to get LFI from the server/client