Jul 30, 2019

SQL Injection in private-site.com/login.php


SQL Injection in Login.php at Private Program

Program : Private on HackerOne
Method : POST
Affected Path : Login.php
Affected Parameter : username
Bounty : Out Of Scope

Vulnerable url was 


Site was Shown to me 2 login Places 
( Username & Password) 

in Username I've put only ( ' )

Then It shows me this error
This mean This site is vulnerable to SQL injection 

Now I just capture the request 
and Add it in list.txt file 

Then Used SQLMAP to dump the database

Share This
Previous Post
Next Post

Security Researcher at Many Websites - Bug Hunter - Civil Engineer Student