
stripo blog search SQL Injection

Medium
Stripo Inc
Reported by bluebridsec

Vulnerability Details

Technical details and impact analysis

SQL Injection
## Summary:
SQL injection of search parameters at blog search request

## Steps To Reproduce:
1. Request https://stripo.email/blog/search/
2. Input search `1' AND (SELECT 6268 FROM (SELECT(SLEEP(5)))ghXo) AND 'IKlK'='IKlK`
3. See a very large response delay

## Supporting Material/References:
See attached screenshot

## Impact
Causes an attacker to obtain database information

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

SQL Injection
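
The weakness class above, shown from the fix side as an added example (not part of the report and not Stripo's code): the reported search term is run through a string-concatenated query and a parameterized one. The `posts` table, the handler names and the SQLite backend are assumptions, since the page does not show the real query or database.

```python
import sqlite3

# Search term quoted from the report's reproduction steps.
REPORTED_TERM = "1' AND (SELECT 6268 FROM (SELECT(SLEEP(5)))ghXo) AND 'IKlK'='IKlK"

def make_db():
    """Constructed stand-in for a blog table; the real schema is not on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO posts (title) VALUES (?)",
                   [("Email design tips",), ("It's 100% responsive",)])
    return db

def search_concatenated(db, term):
    """Hypothetical vulnerable handler: the term is pasted into the SQL text."""
    sql = "SELECT title FROM posts WHERE title LIKE '%" + term + "%'"
    return [row[0] for row in db.execute(sql)]

def search_parameterized(db, term):
    """Hardened handler: the term is bound as data and LIKE wildcards are escaped."""
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT title FROM posts WHERE title LIKE ? ESCAPE '\\'"
    return [row[0] for row in db.execute(sql, ("%" + escaped + "%",))]

def classify(handler, term):
    """Report whether the term stayed data or was compiled as part of the statement."""
    try:
        return ("data", handler(make_db(), term))
    except sqlite3.OperationalError as exc:
        # SQLite has no SLEEP(), so compiling the injected call fails instead of delaying.
        return ("compiled as SQL", str(exc))

if __name__ == "__main__":
    for handler in (search_concatenated, search_parameterized):
        for term in (REPORTED_TERM, "It's", "100%"):
            print(handler.__name__, repr(term), "->", classify(handler, term))
```

The concatenated handler also fails on the ordinary term `It's`, which is a cheap regression check for this class of bug: any search box that errors or stalls on a single quote is building SQL from input.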