Boolean-Blind SQLi on `order_id` parameter

Program: Zomato
Bug Type: SQL Injection (Boolean-based Blind)
Bounty: 1000
Date: 2018-05-29
Tags: sqli, boolean-based, blind-sqli

Summary

An `order_id` parameter on Zomato's website was vulnerable to Boolean-based blind SQL injection. Requesting `order_id='-if(1=2,'0','1')-'` changed the response length, and on further investigation the researcher found that data could be dumped using automated tools such as sqlmap.
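The bug class behind this report, shown as an added example (not Zomato's code): the parameter spliced into SQL text next to the same lookup with shape validation and a bound parameter. The table, column names and sample orders are constructed, and sqlite3 stands in for the real database.

```python
"""Vulnerable vs hardened handling of an ``order_id`` query parameter.

Added example, not Zomato's code. Table name, column names and the
sample orders are constructed; sqlite3 stands in for the real database
so the example runs offline.
"""
import re
import sqlite3

# The payload quoted in the report: the leading quote closes the string
# literal, so if(...) is evaluated by the database as SQL.
REPORTED_PAYLOAD = "'-if(1=2,'0','1')-'"

# Allowlist: an order id is a positive integer, nothing else.
ORDER_ID_RE = re.compile(r"^[1-9][0-9]{0,17}$")


def make_db():
    """Constructed sample data standing in for the orders table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (order_id INTEGER PRIMARY KEY, status TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?)",
                     [(1001, "delivered"), (1002, "preparing")])
    return conn


def vulnerable_sql(order_id: str) -> str:
    """String concatenation: returns the SQL the database would receive.
    With REPORTED_PAYLOAD the WHERE clause becomes a true/false-dependent
    arithmetic expression, which is the Boolean oracle the report describes."""
    return f"SELECT status FROM orders WHERE order_id='{order_id}'"


def lookup_order(conn, order_id: str):
    """Hardened: reject anything that is not an integer, then bind the value
    so the database never parses user input as SQL."""
    if not ORDER_ID_RE.match(order_id):
        raise ValueError("order_id must be a positive integer")
    row = conn.execute("SELECT status FROM orders WHERE order_id = ?",
                       (int(order_id),)).fetchone()
    return row[0] if row else None


def is_rejected(conn, order_id: str) -> bool:
    """True if the hardened lookup refuses the value before querying."""
    try:
        lookup_order(conn, order_id)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print(vulnerable_sql(REPORTED_PAYLOAD))   # the injected query text
    print(lookup_order(db, "1001"))            # delivered
    print(is_rejected(db, REPORTED_PAYLOAD))   # True
```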
