So my school website is completely retarted in security measures, and i've been trying to get in the website for about 2 days right now, to show how shitty their security is. Now, i'm not going to give the website obviously, but basically the website is so shitty that the teacher's login page had a way to bypass it by looking at the script itself. I found out that in the website i can go to xxxx.com/classes and there i have a bunch of files like class_general.php, now i know this is sql probably bc of the classes and the name file, my questions is how do i read these files or download them and can i use them? when i click on them they retrieve blank and their size is fairly small like 11K but that's because all the other logins are on different websites, this classes probably have the teacher sample login and the admin login.
TLDR: need help reading sql files that are on .php on /classes
Im not going to hack the website, nor deface it or some shit like that, i dont even know how to code (script kid here), just need help