Jul 30, 2019

SQL Injection in private-site.com/login.php

Advertisement




SQL Injection in Login.php at Private Program

Program : Private on HackerOne
Method : POST
Affected Path : Login.php
Affected Parameter : username
Bounty : Out Of Scope
-----------------------------------------------

Vulnerable url was 
private-site.com/login.php

Tool

Site was Shown to me 2 login Places 
( Username & Password) 

in Username I've put only ( ' )

Then It shows me this error
This mean This site is vulnerable to SQL injection 

Now I just capture the request 
and Add it in list.txt file 

Then Used SQLMAP to dump the database








Share This
Previous Post
Next Post

Security Researcher at Many Websites - Bug Hunter - Civil Engineer Student

3 comments: