stripo blog search SQL Injection
Medium
Stripo Inc
Reported by: bluebridsec
Vulnerability Details
Technical details and impact analysis
## Summary:
SQL injection of search parameters at blog search request
## Steps To Reproduce:
1. Request https://stripo.email/blog/search/
2. Input search `1' AND (SELECT 6268 FROM (SELECT(SLEEP(5)))ghXo) AND 'IKlK'='IKlK`
3. See a very large response delay
## Supporting Material/References:
See attached screenshot
## Impact
Allows an attacker to obtain database information
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: SQL Injection
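
The following is an added example, not part of the report and not Stripo's code. It shows why the search term in step 2 can reach the SQL compiler as code when the query is built by string concatenation, and why a bound parameter prevents it. Assumptions: an in-memory SQLite database stands in for the real backend, the `posts` schema and all function names are hypothetical, and `SLEEP` is registered as a no-op stub because SQLite has no such function.

```python
import sqlite3

# Search term from step 2 of the report, used verbatim as input.
PAYLOAD = "1' AND (SELECT 6268 FROM (SELECT(SLEEP(5)))ghXo) AND 'IKlK'='IKlK"


def make_db():
    """Constructed stand-in for the blog database (schema is an assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (title TEXT)")
    db.execute("INSERT INTO posts VALUES ('1'), ('Email design tips')")
    # No-op stub so the payload's SLEEP() call compiles without delaying.
    db.create_function("SLEEP", 1, lambda seconds: 0)
    return db


def search_concat(db, term):
    # Vulnerable pattern: the search term becomes part of the SQL text.
    sql = "SELECT title FROM posts WHERE title = '" + term + "'"
    return db.execute(sql).fetchall()


def search_bound(db, term):
    # Hardened pattern: the term travels as a bound value, never parsed as SQL.
    return db.execute("SELECT title FROM posts WHERE title = ?", (term,)).fetchall()


def trace(search, term):
    """Run a search and return (rows, SQL functions the engine compiled)."""
    db = make_db()
    seen = []

    def audit(action, arg1, arg2, dbname, source):
        # The authorizer fires while the statement is compiled, so it records
        # every function call that was parsed out of the query text.
        if action == sqlite3.SQLITE_FUNCTION:
            seen.append((arg2 or "").upper())
        return sqlite3.SQLITE_OK

    db.set_authorizer(audit)
    rows = search(db, term)
    return rows, seen


if __name__ == "__main__":
    print("concatenated:", trace(search_concat, PAYLOAD))
    print("bound:       ", trace(search_bound, PAYLOAD))
```

With concatenation the engine compiles a `SLEEP` call taken from user input. With the bound parameter the same input is only compared as a literal title and matches nothing.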