
Found vulnerabilities

Please note that this user is banned
The guys yesterday found two vulnerabilities on the US Federal website related to finance (LFI, SQL-INJ).

Through LFI I was able to read /etc/passwd, /etc/hosts, /proc/version, postfix configuration files.
In the postfix files, I found ranges of IP addresses.

I also found a page for uploading a file to a server, tried to upload an empty file, but did not find it using LFI.

I tried to unwind SQL-Injection, I got the DB name, the name of the database, and the tables in the database.
So far, it has not been possible to extract data from the tables, because it is still in progress.

What further paths are there?
I will be glad of any advice.
Perhaps you can pentest an IP for me to see if it's vulnerable, right? I will pay you if you find anything in it. It's an admin panel with a firewall.
 

