U.S. Dept Of Defense: SQL injection vulnerability on a DoD website

ID H1:189069
Type hackerone
Reporter korprit
Modified 2017-06-16T16:19:48


A Department of Defense website was vulnerable to a SQL injection attack which may allow an attacker to execute arbitrary SQL commands and expose sensitive data. @korprit was able to demonstrate this vulnerability by crafting a specially formatted URL.