SQL injection vulnerability on a DoD website
High
U
U.S. Dept Of Defense
Submitted None
Team Summary
Official summary from U.S. Dept Of Defense
A Department of Defense website was vulnerable to a SQL injection attack which may allow an attacker to execute arbitrary SQL commands and expose sensitive data. @vag_mour was able to demonstrate this vulnerability by crafting a specially formatted URL. Thanks to @vag_mour for discovering this vulnerability!
Actions:
Reported by
vag_mour
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
SQL Injection