Mail.ru: [cfire.mail.ru] Time Based SQL Injection 2

2016-01-15T23:45:45
ID H1:111003
Type hackerone
Reporter haxta4ok00
Modified 2020-04-01T07:54:09

Description

Time-based blind SQLi in cfire.mail.ru due to unsafe use of a cookie value.

At the time of reporting, the Extended scope was not covered by the bug bounty; the bounty was awarded as a bonus.