Easy SQLi in Amazon subsidiary using Sqlmap

1 USER UPDATED WITH AND TRUE
0 USER UPDATED WITH AND FALSE
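
The two captions above show an UPDATE reporting a different row count depending on an appended boolean condition. As an added example (not code from the original write-up), the sketch below reproduces that behaviour on a constructed in-memory SQLite table and shows that binding the parameter removes the difference; the table, column and function names are assumptions.

```python
import sqlite3

def make_db():
    """Constructed sample data: a two-row users table held in memory."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "a@example.test"), (2, "b@example.test")])
    return db

def update_vulnerable(db, user_id, email):
    # 'Before' form: user_id is pasted into the SQL text, so anything after
    # the number is parsed as part of the WHERE clause.
    cur = db.execute(
        "UPDATE users SET email = ? WHERE id = " + str(user_id), (email,))
    return cur.rowcount

def update_bound(db, user_id, email):
    # Hardened form: user_id travels as a bound value and is only ever
    # compared with the id column, never parsed as SQL.
    cur = db.execute("UPDATE users SET email = ? WHERE id = ?",
                     (email, user_id))
    return cur.rowcount

def row_counts(update_fn):
    """Rows updated for a plain id, then with AND-true / AND-false appended."""
    return tuple(update_fn(make_db(), value, "new@example.test")
                 for value in ("1", "1 AND 1=1", "1 AND 1=0"))

def leaks_boolean(update_fn):
    # The row count acts as an oracle when the two variants differ.
    _, when_true, when_false = row_counts(update_fn)
    return when_true != when_false

if __name__ == "__main__":
    for fn in (update_vulnerable, update_bound):
        print(fn.__name__, row_counts(fn), "oracle:", leaks_boolean(fn))
```

A check like `leaks_boolean` can be kept as a regression test around any handler that reports how many rows it changed.
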
SQLMAP
  • -r >> read the full request from a file instead of a URL.
  • -p >> the vulnerable parameter
  • -a >> retrieve all data (databases, users, hostname, ...)
  • I left --risk and --level at their default values.
  • February 27, 2017 — Bug reported
  • February 27, 2017 — Bug triaged
  • February 28, 2017 — Bug resolved
  • April 2, 2017 — Bounty awarded $1500

Mostafa Mamdoh

I’m a Penetration Tester, Bug Hunter @ HackerOne