stripo blog search SQL Injection

Disclosed: 2020-01-30 11:50:16 By bluebridsec To stripo
Medium
Vulnerability Details
## Summary:
SQL injection in the search parameter of the blog search request.

## Steps To Reproduce:
1. Request https://stripo.email/blog/search/
2. Input search `1' AND (SELECT 6268 FROM (SELECT(SLEEP(5)))ghXo) AND 'IKlK'='IKlK`
3. See a very large response delay

## Supporting Material/References:
See attached screenshot

## Impact
Allows an attacker to obtain database information.
Report Stats
  • Report ID: 761382
  • State: Closed
  • Substate: resolved
  • Upvotes: 11
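
The fix for this class of bug, as an added example that is not part of the report and not stripo's code: the search term spliced into the SQL text beside the same query with the term bound as a parameter. It assumes an in-memory SQLite database as an offline stand-in; the `posts` table, its rows and all function names are hypothetical.

```python
import sqlite3

# Payload quoted from step 2 of the report.
REPORT_PAYLOAD = "1' AND (SELECT 6268 FROM (SELECT(SLEEP(5)))ghXo) AND 'IKlK'='IKlK"

def make_db():
    """In-memory stand-in database; table name and rows are constructed."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO posts (title) VALUES (?)",
                   [("Email design tips",), ("100% responsive templates",),
                    ("It's a wrap",)])
    return db

def search_concat(db, term):
    """Weak form: the term is spliced into the SQL text, so a quote in it
    closes the string literal and the remainder is parsed as SQL."""
    sql = "SELECT title FROM posts WHERE title LIKE '%" + term + "%' ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def concat_error(db, term):
    """Return the database error the weak form raises for term, or None."""
    try:
        search_concat(db, term)
        return None
    except sqlite3.OperationalError as exc:
        return str(exc)

def escape_like(term, esc="\\"):
    """Make %, _ and the escape character match literally inside LIKE."""
    for ch in (esc, "%", "_"):
        term = term.replace(ch, esc + ch)
    return term

def search_bound(db, term):
    """Hardened form: constant SQL text, term passed as a bound parameter."""
    sql = "SELECT title FROM posts WHERE title LIKE ? ESCAPE '\\' ORDER BY id"
    return [row[0] for row in db.execute(sql, ("%" + escape_like(term) + "%",))]

if __name__ == "__main__":
    db = make_db()
    print("weak form, payload :", concat_error(db, REPORT_PAYLOAD))
    print("bound form, payload:", search_bound(db, REPORT_PAYLOAD))
    print("bound form, \"It's\" :", search_bound(db, "It's"))
```

With the weak form, the stand-in database rejects the payload only because it has no `SLEEP` function to resolve, which shows the text after the quote was parsed as SQL; with the bound form the same string is compared as data.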