U.S. Dept Of Defense: SQL injection vulnerability on a DoD website

2016-12-07T05:20:34
ID H1:189069
Type hackerone
Reporter korprit
Modified 2017-06-16T16:19:48

Description

A Department of Defense website was vulnerable to a SQL injection attack which may allow an attacker to execute arbitrary SQL commands and expose sensitive data. @korprit was able to demonstrate this vulnerability by crafting a specially formatted URL.