Easy SQLi in Amazon subsidiary using Sqlmap

1 USER UPDATED WITH AND TRUE
0 USER UPDATED WITH AND FALSE
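The two responses above form a boolean oracle: the "users updated" count changes with the truth of a condition appended to the parameter. The following is an added example, not code from the original post or the affected application; it reproduces that behaviour locally and shows that binding the parameter removes it. The `users` table, its columns, and the function names are hypothetical, and the data is constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema is an assumption for illustration.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'old@example.test')")
    return db

def update_vulnerable(db, user_id, email):
    # Vulnerable pattern: user_id is concatenated into the SQL text, so a
    # condition appended to it is evaluated as part of the WHERE clause.
    cur = db.execute(
        "UPDATE users SET email = ? WHERE id = " + user_id, (email,))
    return cur.rowcount  # surfaces as "N user updated" in the response

def update_parameterized(db, user_id, email):
    # Hardened pattern: user_id is bound as a value and never parsed as SQL.
    cur = db.execute(
        "UPDATE users SET email = ? WHERE id = ?", (email, user_id))
    return cur.rowcount

def oracle_leaks(update_fn):
    # Send the same id with an always-true and an always-false condition.
    # If the row counts differ, the response reveals the truth of injected
    # conditions, which is what boolean-based blind extraction relies on.
    true_count = update_fn(make_db(), "1 AND 1=1", "new@example.test")
    false_count = update_fn(make_db(), "1 AND 1=2", "new@example.test")
    return true_count != false_count

if __name__ == "__main__":
    print("vulnerable leaks oracle:   ", oracle_leaks(update_vulnerable))
    print("parameterized leaks oracle:", oracle_leaks(update_parameterized))
```

The same true/false probe pair works as a regression check after a fix: both requests must produce the same response.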
SQLMAP
  • -r >> load the full HTTP request from a file instead of passing a URL.
  • -p >> the vulnerable parameter to test
  • -a >> retrieve all data (databases, users, hostname, ...)
  • I left --risk and --level at their default values.
  • February 27, 2017 — Bug reported
  • February 27, 2017 — Bug triaged
  • February 28, 2017 — Bug resolved
  • April 2, 2017 — Bounty awarded 1500$


I’m a Penetration Tester, Bug Hunter @ HackerOne

Mostafa Mamdoh
