2 matches found
Khan Academy: [critical] sql injection by GET method
Hey there, after tampering a bit with the values, since I figured out your backend is not PHP, most likely Django or Node.js, I found an SQL injection. You can view my steps to reproduce; if you need additional screenshots, please let me know. Regards, Gabriel Kimiaie. Impact: If I dig deeper, I may ...
Zomato: [www.zomato.com] Boolean SQLi - /█████.php
@gerbenjavado found that the parameter entityid was vulnerable to SQLi on endpoint /████.php using a Boolean technique. POC: The POC uses ifmid@@version,1,1=5 which returns a 200 OK message. If changed for ifmid@@version,1,1=4 the server gives a 500 or 504 error, confirming the SQLi and proving da...