How I Found an SQL Injection in coupon code


Ghee1337

The discovery of this vulnerability began when I visited an e-commerce website.
At first I just did routine testing for fun: IDOR, XSS, information disclosure and so on.

But I didn’t find any IDOR or XSS there; maybe I wasn’t careful enough.

Then I tried adding a product to my cart just to find out how the purchasing process works. I hoped to find information disclosure or an IDOR here, but there was nothing interesting.

When I got to the payment step I saw that we could use a coupon code to get a discount. I didn’t think long and immediately tested it to see if I could find something interesting.

I tried the coupon code “test” and intercepted the request with Burp Suite.

The request and response looked more or less like this:

Of course the “test” coupon code is not valid, since it was only for my testing.
Then I added a ‘ to check whether it was vulnerable to SQL injection.

I was quite pleased when I saw the coupon code response “test‘’”, which told me that the function was vulnerable to SQL injection.
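To show why a single quote in a coupon code is such a strong signal, here is an added example (my own code, not from the original post or the affected site) that puts a coupon lookup built by string concatenation next to a parameterised one, run against a constructed in-memory SQLite table; the table, column and function names are assumptions.

```python
import re
import sqlite3


def make_db():
    """Constructed stand-in for the shop's coupon table (example data, not the real site)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE coupons (code TEXT PRIMARY KEY, discount_pct INTEGER)")
    conn.execute("INSERT INTO coupons VALUES ('WELCOME10', 10), ('SUMMER25', 25)")
    return conn


def lookup_coupon_vulnerable(conn, code):
    """Concatenates the coupon into the SQL text, so a quote in the value
    becomes part of the statement instead of part of the data."""
    sql = "SELECT discount_pct FROM coupons WHERE code = '" + code + "'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_coupon_safe(conn, code):
    """Parameterised query: the driver passes the value separately from the
    SQL text, so quotes in the coupon are only ever data."""
    row = conn.execute("SELECT discount_pct FROM coupons WHERE code = ?", (code,)).fetchone()
    return row[0] if row else None


# Defence in depth: coupon codes only ever need a small alphabet, so reject
# anything else before it reaches the database layer at all.
COUPON_RE = re.compile(r"^[A-Za-z0-9_-]{1,32}$")


def validate_coupon_format(code):
    return bool(COUPON_RE.match(code))


def probe(lookup, code):
    """Runs one lookup on a fresh table and reports ('ok', result) or
    ('error', message), so both versions can be compared on the same input."""
    try:
        return ("ok", lookup(make_db(), code))
    except sqlite3.Error as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    for code in ["WELCOME10", "test", "test'"]:
        print(repr(code), "vulnerable:", probe(lookup_coupon_vulnerable, code),
              "safe:", probe(lookup_coupon_safe, code))
```

On the input `test'` the concatenated version fails with a SQL syntax error because the literal is left unterminated, while the parameterised version simply finds no such coupon; that difference in behaviour is exactly what a tester notices and what a defender removes by fixing the query.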

Because I saw that there was no WAF protection on this web application, I copied the request and saved it into the file req.txt so I could automate the testing with sqlmap.

After waiting a while for sqlmap to complete its analysis, I was quite satisfied with the results, because I now knew that the coupon code function was indeed vulnerable to SQL injection.

The sqlmap command I used:

python2 sqlmap.py -r req.txt --random-agent --tamper=space2comment --level=5 --risk=3 --no-cast -p coupon --dbs

Did I get a bounty for this?
I didn’t expect much, because this is not a bug bounty program like the ones on HackerOne, YesWeHack or Bugcrowd.

But after seeing that this e-commerce website was quite large, with thousands of followers on X, Facebook, Instagram and also TikTok, I decided to report it via the email address I found on the contact us page.

So far there has been no reply from the team regarding my report :)

Maybe this is the only short story I can share for now; I still have several drafts of interesting articles that I haven’t published because I’m still waiting for confirmation from the teams involved.

So don’t forget to follow me.

X : Ghee1337
Telegram channels : https://t.me/bugbounty_reference
