Security researcher earns $15000 biggest bug bounty for Russian internet company giant Mail.Ru
Security researcher Ramazan (r0hack) discovered a Bind (time-based) SQL injection in https://city-mobil.ru website due to the unsafe usage of the GET parameter for which he was awarded $15000 So far, this is the largest awarded vulnerability disclosed in Mail.ru and the second biggest bounty awarded on the bug bounty platform Hackerone after just one bug bounty award of $20000 Time-based SQL Injection is an SQL Injection technique that relies on sending an SQL query to the database which forces the database to wait for a specified amount of time (in seconds) before responding. The response time will indicate to the attacker whether the result of the query is TRUE or FALSE which will allow the attacker to figure out if the payload used true or false Full details of the vulnerability have not been yet polished by the researcher and more information can be found at https://hackerone.com/reports/868436 Mail.Ru is a major Russian internet company whose sites reach approxima...
Comments
Post a Comment