U.S. Dept Of Defense: SQL injection

2018-02-03T13:41:25
ID H1:311922
Type hackerone
Reporter alyssa_herrera
Modified 2018-04-17T18:15:06

Description

Initially I discovered a Defunct admin panel with default credentials, admin/admin. This was vulnerable to a blind SQL Injection but I wasn't able to successfully exploit the login panel. I later google dorked for php files on the subdomain and ended up finding another end point that was vulnerable to SQLI. I then used SQLMap to exploit and then read the banner and user name of the website. I ended up discovering this sub domain and the previous SQL injection shared the same database. I later google dorked the end point and found another subdomain using the same end point and exploited it in a similar fashion to this one