docs: Add Attack Scenario #2

Author: PauloASilva

2019/en/0xa7-security-misconfiguration.md

@@ -8,10 +8,21 @@ A7:2019 Security Misconfiguration
 
 ## Is the API Vulnerable?
 
-## How To Prevent
-
 ## Example Attack Scenarios
 
+### Scenario #1
+
+### Scenario #2
+
+To target a specific service, an attacker searches the API hostname on a popular
+search engine of computers directly accessible from the Internet. A popular
+database management system was running in such host, listening on the default
+port. Because the default configuration has authentication disabled by default
+and it was kept unchanged the attacker had access to millions of records with
+PII, personal preferences and authentication data.
+
+## How To Prevent
+
 ## References
 
 ### OWASP