Dark C0d3rs

Dark C0d3rs > Exploit Log > Research Papers/Vulnerability reports > HackerOne Disclosed Reports - 2025-03-05
Full Version: HackerOne Disclosed Reports - 2025-03-05
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

hashXploiter

03-06-2025, 07:00 PM
Logo
Critical
resolved

SQLi | in URL paths


Bug reported by mmakingdom was disclosed at March 6, 2025, 11:54 am   |   SQL Injection

A SQL Injection vulnerability was discovered in the customerId parameter of the URL path. The vulnerability was demonstrated by adding a single quote to the customerId parameter, which resulted in an error message indicating that the application was vulnerable to SQL injection attacks. Tools such as SQLmap were used to confirm the vulnerability and gain access to the database.


Logo
Medium
resolved

CVE-2023-5561 on Payapps.com


Bug reported by ??? ℜ???? ??? was disclosed at March 5, 2025, 5:35 pm   |   Information Disclosure

A vulnerability was identified at the WordPress site on payapps.com. This vulnerability allowed unauthenticated attackers to discern the email addresses of users who have published public posts. The vulnerability has been fixed.


Dark C0d3rs > Exploit Log > Research Papers/Vulnerability reports > HackerOne Disclosed Reports - 2025-03-05