Hi guys this one of the severe issue i have found on any website that runs bug bounty. Well you can say i had the whole database of a top top-not company with millions of credit card, debit card, and all kind of information which which is just enough to screw the company and its users if it would have felled into wrong hands.
Website : https://shopclues.com
During reconnaissance i found two pages (05/03/2017)
both are same and contains the same vulnerability .
when i put single quote to check if the website vulnerable to sql injection or note i got redirected to home page. I used “No Redirect” so i can stop page redirection. As i have assumed their exist a sqli 🙂
Found vulnerable columns 5, 7, 14, 13. Now extracted the name of databases.
Extracting tables & columns
06/03/2017 : Reported
08/03/2017 : Got Fixed
Video proof of concept : https://youtu.be/dwN_dJBMCoM
Thanks for reading,
Follow me on twitter @spidersec