How I found Bug in ARMY.MIL.MY [SQLi] | Ungku Nazmi

Reporting How I found Bug in ARMY.MIL.MY [SQLi]

Published on | Classified in | heat

Be yourself use your brain

Anything u learned from the Blog just for research and educational purposes only Do not use the knowledge for illegal things.

[Risk Factors]

SQL injection (SQLi) is a cyberattack that injects malicious SQL code into an application, allowing the attacker to view or modify a database. According to the Open Web Application Security Project, injection attacks, which include SQL injections, were the third most serious web application security risk

By Passing Authentication : ...

Identifying Injectable Parameters : ...

Executing Remote Commands : ...

Denial of Service : ...

Database Finger Printing :

[Website Information]

Able to register as normal user.

[Vulnerability to reproduce]

NO EXPLOITATION CODE TO USE

1

2

3
 
Vulnerable : http://**.ARMY.MIL.MY

SQLi Vulnerable

http://**.army.mil.my/*/*/Sa*.php?No_IC=1'

Unfortunately, I'm able to Inject Sqli Error into the System

[DISCLAIMER]

This issue has been reported to Cyber999 Team the bug had already been fixed..


Sorry about my english, is so bad😅
If you have any questions or suggestions, make sure to hit me in any of these mediums or the comments.


Thanks for reading.