The discovery of this vulnerability began when I visited an e-commerce website.
At first I just did normal testing for fun, like IDOR, XSS, information disclosure, etc.
But I didn't find IDOR or XSS there; maybe I'm not careful enough.
Then I tried adding a product to my cart just to find out how the purchasing process works. I hoped to find information disclosure or IDOR here, but there was nothing interesting.
When I got to the payment step I saw that we could use a coupon code to get a discount. I didn't think long and immediately tested it to find something interesting.
I tried using the code "test" for testing and intercepted the request using Burp Suite.
The request and response looked more or less like this:
Of course the "test" coupon code is not valid, because it was only for my testing.
Then I added a ' to check whether it was vulnerable to SQL injection.
I was quite pleased when I saw the coupon code response "test''", which told me that the function was vulnerable to SQL injection attacks.
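To show why a single quote in the coupon parameter is such a strong signal, here is an added example (not code from the site or from this writeup) of a coupon lookup written the vulnerable way next to its parameterised fix. The SQLite schema, coupon values and function names are my own assumptions; the real shop's backend is unknown.

```python
import sqlite3


def make_db():
    # Constructed in-memory coupon table standing in for the shop's database
    # (assumption: the original site's schema is not known).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE coupons (code TEXT PRIMARY KEY, discount_pct INTEGER)")
    conn.execute("INSERT INTO coupons VALUES ('SUMMER10', 10), ('WELCOME5', 5)")
    conn.commit()
    return conn


def lookup_coupon_vulnerable(conn, code):
    # Anti-pattern: user input is spliced straight into the SQL text. A quote in
    # `code` terminates the string literal early and whatever follows is parsed
    # as SQL, which is exactly what the single ' probe exposes.
    query = f"SELECT discount_pct FROM coupons WHERE code = '{code}'"
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def lookup_coupon_safe(conn, code):
    # Fix: a parameterised query. The driver binds `code` as a value, so any
    # quote characters inside it are treated as data, never as SQL syntax.
    row = conn.execute(
        "SELECT discount_pct FROM coupons WHERE code = ?", (code,)
    ).fetchone()
    return row[0] if row else None


def probe_result(lookup, conn, code):
    """Run one lookup and return ('ok', value) or ('error', message), so the
    vulnerable and safe implementations can be compared on the same input."""
    try:
        return ("ok", lookup(conn, code))
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    conn = make_db()
    for code in ("SUMMER10", "test", "test'"):
        print(repr(code),
              "vulnerable:", probe_result(lookup_coupon_vulnerable, conn, code),
              "safe:", probe_result(lookup_coupon_safe, conn, code))
```

The vulnerable lookup returns a database syntax error for `test'` (the tell-tale the writeup relies on), while the parameterised one simply reports an unknown coupon.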
Because I saw that there was no WAF protection on this web application, I copied the request and saved it into a req.txt file for automation using sqlmap.
After waiting a while for sqlmap to complete its analysis, I was quite satisfied with the results, because I knew that the coupon code function was indeed vulnerable to SQL injection.
The sqlmap command I used:

python2 sqlmap.py -r req.txt --random-agent --tamper=space2comment --level=5 --risk=3 --no-cast -p coupon --dbs

Do I get a bounty for this?
I didn't expect more, because this is not a bug bounty program like the ones on HackerOne, YesWeHack or Bugcrowd.
But after seeing that this e-commerce website was quite large, with thousands of followers on X, Facebook, Instagram and also TikTok, I decided to report it via the email address I found on the contact-us page.
So far there has been no reply from the team regarding my report :)
Maybe this is the only short story I can share; I still have several drafts of interesting articles that I haven't published because I'm still waiting for confirmation from the team.
So don’t forget to follow me.
X: Ghee1337
Telegram channel: https://t.me/bugbounty_reference