SQL injection, tile ID

Disclosed: 2014-08-07 18:50:00 By bitquark To uzbey

Unknown

Vulnerability Details

The tile ID parameter to the tile image script is vulnerable to SQL injection. The following will cause the script to run a benchmark, returning 8-10 seconds later: https://staging.uzbey.com/tiles1600/693/sleep(10)

Actions

View on HackerOne

Report Stats

Report ID: 17225
State: Closed
Substate: resolved
Upvotes: 2

SQL injection, tile ID

Vulnerability Details

Actions

Report Stats

Share this report