2 matches found
Zomato: Solr Injection in `user_id` parameter at :/v2/leaderboard_v2.json
@zzzhacker13 identified a Solr Injection on the `user_id` parameter at :/v2/leaderboard_v2.json. Our team analyzed internally and found that only fq=injection was possible on the Solr endpoint, hence the Solr injection was of low impact since there was no way to escalate it to exfiltrate data, one...
Zomato: [www.zomato.com] Abusing LocalParams (city) to Inject SOLR query
Hi Team! I found a limited SOLR Injection by abusing LocalParams city in /webapi/searchapi.php. Therefore, please respect my decision to mark this report as Medium instead of High, based on the fact the code is vulnerable even if it's hard to exploit. - Request adding single Backslash: http GET...