SQL Injection at https://████ via ███ parameter
Critical
S
Sony
Submitted None
Team Summary
Official summary from Sony
The researcher reported that a Sony website was vulnerable to a time-based SQL injection. The researcher was able to demonstrate the vulnerability by running a sleep() command on the underlying database. The researcher then used SQLMap to extract data from the database such as table names, the database user name, and the database hostname.
Actions:
Reported by
kauenavarro
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
SQL Injection