[api.zomato.com] Abusing LocalParams (city_id) to Inject SOLR query
Low
Zomato
Team Summary
Official summary from Zomato
Disclosing it as per the request from @zzzhacker13. This report is identical to #844428 but this one was on a different endpoint. POC: `:v2/red/homepage.json?lat=&lon=&city_id={!dismax+df=city_id}86&android_country=US&lang=en&android_language=en` Zomato Security Team
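The PoC above works because Solr treats a value that opens with `{!type key=value ...}` as local params, which let the client choose the query parser and its options for the rest of the value. The following is an added example written for this page, not code from the report or from Zomato. It assumes the backend forwarded the request's city_id as the whole value of a Solr query parameter (for example `fq=<value>` with `df=city_id` configured), which is the only placement where a leading `{!...}` block is parsed as local params and is consistent with the PoC value starting with `{!dismax df=city_id}`. It parses such a block, flags it in a request URL (a constructed URL carrying the report's query string on a placeholder host), and shows the two fixes: an integer allowlist for identifier fields such as city_id, and backslash-escaping of Solr's special characters for free-text fields.

```python
"""Solr local-params injection through an unsanitized city_id value.

Added example, not Zomato's code. Assumes the backend forwarded city_id as
the whole value of a Solr query parameter (e.g. fq=<value> with df=city_id);
the real query construction behind the endpoint is not known.
"""
import re
from urllib.parse import parse_qs, urlsplit

# A leading "{!type key=value ...}" block is Solr local-params syntax: it
# selects the query parser and its options for whatever follows it.
LOCAL_PARAMS = re.compile(r"^\s*\{!([^}]*)\}(.*)\Z", re.S)

# Characters Solr's ClientUtils.escapeQueryChars backslash-escapes (plus whitespace).
SOLR_SPECIAL = set('\\+-!():^[]"{}~*?|&;/')


def parse_local_params(value):
    """Return ({param: value}, remaining_query) when the value opens with a
    local-params block, otherwise None. A bare first token is Solr's shorthand
    for type=...; quoted values containing spaces are not handled here."""
    m = LOCAL_PARAMS.match(value)
    if not m:
        return None
    inner, remainder = m.group(1), m.group(2)
    tokens = inner.split()
    params = {}
    if tokens and "=" not in tokens[0]:
        params["type"] = tokens.pop(0)
    for tok in tokens:
        key, _, val = tok.partition("=")
        params[key] = val.strip("'\"")
    return params, remainder


def flag_injected_params(url):
    """Detection: map each query parameter whose value begins with local-params
    syntax to the parsed block. '+' decodes to a space, as it does on the wire."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    flagged = {}
    for name, values in query.items():
        for value in values:
            parsed = parse_local_params(value)
            if parsed:
                flagged[name] = parsed
    return flagged


def escape_query_chars(text):
    """Escape user text that must be embedded verbatim in a Solr query; the
    fallback for free-text fields where an allowlist is impossible."""
    return "".join("\\" + c if c in SOLR_SPECIAL or c.isspace() else c for c in text)


def build_fq(city_id):
    """Hardened builder: city_id is an integer identifier, so anything else is
    rejected before it can reach Solr. The field name city_id is assumed."""
    if not re.fullmatch(r"\d{1,9}", city_id):
        raise ValueError(f"city_id must be a positive integer, got {city_id!r}")
    return f"city_id:{int(city_id)}"


# Constructed URL: the report's PoC query string on a placeholder host.
POC_URL = ("https://example.invalid/homepage.json?lat=&lon="
           "&city_id={!dismax+df=city_id}86&android_country=US&lang=en&android_language=en")

if __name__ == "__main__":
    print(flag_injected_params(POC_URL))
    print(escape_query_chars("{!dismax df=city_id}86"))
    try:
        build_fq("{!dismax df=city_id}86")
    except ValueError as exc:
        print("rejected:", exc)
```

For an identifier parameter the allowlist is the right fix: the escaping path is only needed where a field legitimately accepts arbitrary text, and even then the value should never be placed where a leading `{!` would be interpreted, i.e. not as the whole of a `q` or `fq` parameter.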
Reported by
zzzhacker13
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$150.00
Weakness
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)