While doing some research on a payment gateway in my target, I checked almost everything, including every parameter. I ran every parameter I gathered through sqlmap, since there is no rate limit on some API endpoints.
Discovery:
When checking this endpoint, I noticed that when I added ' it threw a 500 internal error response.


So I quickly escalated this with sqlmap, using time-based:
sqlmap -r request.txt -p filterOrders -D redacted --dump --batch

The security team asked me if I could exfiltrate the data,
so I dumped each table, which exposed sensitive information of other users, including hashed passwords.
security team response

They patched the bug within the day after I sent the bug report :)
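
For defenders, an added example (not code from the target or from this write-up) of why a lone ' in filterOrders produced a 500 and how a parameterized query removes that behaviour. The orders table, its columns and the handle() wrapper are assumptions made for illustration; the real backend is not shown on this page.

```python
import sqlite3

def make_db():
    # Constructed sample data; the real schema behind filterOrders is unknown.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE orders (id INTEGER, owner TEXT, status TEXT);
        INSERT INTO orders VALUES (1, 'alice', 'paid'),
                                  (2, 'alice', 'open'),
                                  (3, 'bob',   'paid');
    """)
    return db

def orders_vulnerable(db, owner, filter_orders):
    # Anti-pattern: the request parameter is pasted into the SQL text, so a
    # stray quote changes the statement itself and the parser rejects it.
    sql = ("SELECT id FROM orders "
           f"WHERE owner = '{owner}' AND status = '{filter_orders}'")
    return [row[0] for row in db.execute(sql)]

def orders_hardened(db, owner, filter_orders):
    # Placeholders send the value separately from the statement, so the
    # quote is compared as ordinary data and never parsed as SQL.
    sql = "SELECT id FROM orders WHERE owner = ? AND status = ?"
    return [row[0] for row in db.execute(sql, (owner, filter_orders))]

def handle(query_fn, db, owner, filter_orders):
    # Hypothetical stand-in for the API handler: returns (http_status, body).
    try:
        return 200, query_fn(db, owner, filter_orders)
    except sqlite3.Error:
        # A database error reaching the client as a 500 is the signal
        # described in the Discovery section.
        return 500, []

if __name__ == "__main__":
    db = make_db()
    for fn in (orders_vulnerable, orders_hardened):
        for value in ("paid", "'"):
            print(fn.__name__, repr(value), handle(fn, db, "alice", value))
```

Alerting on bursts of 500 responses from a single endpoint and parameter, and rate limiting the API, would also surface this kind of automated testing earlier.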