Square: Blind SQL injection in www.bookfresh.com
The resource at /reservations doesn't properly sanitise the "client" variable before putting it into a MySQL statement. This results in a Blind SQL Injection vulnerability. We can demonstrate the vulnerability by making the SQL server wait for a while before responding. PoC wait a while:...