SQL Injection in private-site.com/login.php - Mohamed Haron

Mohamed Haron

A personal blog about security and write-ups

Jul 30, 2019

SQL Injection in private-site.com/login.php

SQL Injection in Login.php at Private Program

Program : Private on HackerOne
Method : POST
Affected Path : Login.php
Affected Parameter : username
Bounty : Out Of Scope

Vulnerable url was 


The site showed me two login fields (Username and Password).

In Username I entered only a single quote ( ' ).

Then it showed me this error.
This means the site is vulnerable to SQL injection.

Next I captured the request
and saved it in a list.txt file.

Then I used sqlmap to dump the database.
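
Why a lone single quote in the username field produces a database error, and the fix for it, as an added example that is not part of the original post or the affected site's code. It assumes the login handler built its query by string concatenation; the SQLite table, sample row and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory table standing in for the user store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'constructed-hash')")
    return db


def lookup_concatenated(db, username):
    """'Before' (assumed): the username is pasted into the SQL text itself."""
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return db.execute(query).fetchone()


def lookup_parameterized(db, username):
    """'After': the username is bound as a value and is never parsed as SQL."""
    query = "SELECT username FROM users WHERE username = ?"
    return db.execute(query, (username,)).fetchone()


def handle_lookup(db, username, lookup):
    """Return (outcome, client_message, log_line).

    Database errors are kept in the server-side log line; the client
    always receives the same generic message on failure.
    """
    try:
        row = lookup(db, username)
    except sqlite3.Error as exc:
        return "error", "Login failed", f"sql-error username={username!r} detail={exc}"
    if row is None:
        return "not_found", "Login failed", None
    return "found", "Continue to password check", None


if __name__ == "__main__":
    db = make_db()
    for name, fn in (("concatenated", lookup_concatenated),
                     ("parameterized", lookup_parameterized)):
        for username in ("alice", "'"):
            print(name, repr(username), handle_lookup(db, username, fn))
```

With the concatenated query the quote unbalances the string literal and the database raises a syntax error; with the bound parameter the same input is just a username that does not exist. PHP offers the same fix through prepared statements in PDO and mysqli.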