.png)
3 years ago
166 BOOK THIS SPACE FOR AD
ARTICLE AD
Hi. As I promised, I said I would write a post if the first SQLi was confirmed. It’s not really a big deal, but I thought it would be useful for insecure people like me. And since it’s a private program, I’m sorry that I couldn’t share detailed content with the community despite asking for permission. Anyway.
While watching PoC videos, I received an invitation from a Special program. I immediately started investigating. It was not a crowded program. And no report has been sent in this program for a long time While examining the application, the filters in the search area caught my attention. I did a search with all the filters and sent this request to Burp. There were about 7 filters, I tried the filters “ ‘ and \ “ one by one. These are important characters for SQLi. When I put a \ sign in one of the parameters, the value of that parameter is lost. I’m starting to get suspicious here. I tried several Time Based payloads in turn and one of them worked.
I then tried to pull the database with sqlmap for an effective PoC. This was also successful.
Then I prepared a report that I thought was good. And I sent it. After a day, they said that this vulnerability was fixed and they gave swag gift.
I am the first swag award recipient of this program. It’s a really nice feeling.
And never give up. One day you will reap the rewards of your efforts. Trust me!
19 July= Reported
20 July= Fixed and swag!
Bengali (Bangladesh) · 
English (United States) ·