Description: this video is demo of inside attack on database without any front-end web application.
The user (insider attacker) with legitimate access chooses to decompile the Java to get information allowing him to directly access the database.
With elevated privileges, the user is able to access more sensitive data.
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
most of the attacks on an enterprise is from inside. nice video.
Using the application's credentials for database access, not his own, he could operate with the privileges granted to the Java application.