How Zameen.com Got Hacked

MySQL Injection In Zameen.com

Hello friends, today I am going to share my find in Zameen.com, which is a MySQL injection, and I think that this was the vulnerability which was used by the attacker to hack into the zameen.com server and dump the data. So let's get started.

Introduction :-

SQL injection refers to the act of someone inserting a MySQL statement to be run on your database without your knowledge. Injection usually occurs when you ask a user for input, like their name, and instead of a name they give you a MySQL statement that you will unknowingly run on your database.

You can get more details on this at OWASP.

History :-

This vulnerability was first reported to them on 11/2/15, and there was no response to the email and it was unattended until they got hacked. Here is the image of the email that I sent.

My Report

And after that I got their reply like this.

Reply

And that was it. After the report there was no reply after that, even though I contacted them many times for any update, and the issue was not solved.

And when they were hacked, I got this reply from them, which was quite a surprise for me to see.

After Hack

Now the vulnerability was fixed after this email and I am glad they did take it seriously, so enjoy the POC and do share it with your friends.

Here is the Video POC of the vulnerability.
