Description
Blind (time based) SQL injection in news.mail.ru due to insecure use of user-controlled GET parameter
{"id": "H1:732430", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Mail.ru: Blind SQL Injection on news.mail.ru", "description": "Blind (time based) SQL injection in news.mail.ru due to insecure use of user-controlled GET parameter", "published": "2019-11-08T14:17:17", "modified": "2020-03-10T17:12:54", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/732430", "reporter": "asdqwedev", "references": [], "cvelist": [], "lastseen": "2020-03-10T18:24:39", "viewCount": 3, "enchantments": {"dependencies": {}, "score": {"value": 2.0, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 2.0}, "bounty": 3000.0, "bountyState": "resolved", "h1team": {"url": "https://hackerone.com/mailru", "handle": "mailru", "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/variants/000/000/065/1ec04a6b87b02422d913b5c53d5247de91d64718_original.png/3afcb5c896247e7ee8ada31b1c1eb8657e22241f911093acfe4ec7e97a3a959a", "medium": "https://profile-photos.hackerone-user-content.com/variants/000/000/065/1ec04a6b87b02422d913b5c53d5247de91d64718_original.png/eb31823a4cc9f6b6bb4db930ffdf512533928a68a4255fb50a83180281a60da5"}}, "h1reporter": {"disabled": false, "username": "asdqwedev", "url": "/asdqwedev", "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/variants/H6SkEca8cEahczjZttfYV6zu/3afcb5c896247e7ee8ada31b1c1eb8657e22241f911093acfe4ec7e97a3a959a"}, "is_me?": false, "cleared": false, "hackerone_triager": false, "hacker_mediation": false}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645476348}}
{}
Mail.ru: Blind SQL Injection on news.mail.ru