Hi guys, this write-up is all about a SQL injection that I found in a private program running on Bugcrowd.

Let's assume the website is subdomain.private.com/registro/login. When I visited the site I saw strange behavior: this is the admin panel, and the website reloaded itself again and again. So I turned on the intercept, captured the request, and tried basic bypasses, e.g. admin:admin and 1'or'1'='1, but they didn't work. There are two parameters, _email and _pass.

I put ' in the _email parameter and nothing happened, but I accidentally put it in both _email and _pass, and I got: <b>Warning</b>: PDOStatement::execute(): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near…

SQLi confirmed :D I tried to exploit it further but failed; there is a WAF that blocked me from doing further injection. Then I remembered our awesome old Facebook group, WEB INJECTORS (https://www.facebook.com/groups/webinj3ct0rs/), where we tried our best to solve challenges ;) I still remember those golden days.

The group had its own website, http://www.securityidiots.com, and I was reading its article on SQL injection at login panels, http://www.securityidiots.com/Web-Pentest/SQL-Injection/bypass-login-using-sql-injection.html, and found a bypass: ' OR 1=1 /*

It didn't bypass the login and give me access; instead, the server disclosed the password variable containing the password :V

I simply reported the issue to the team, and this was the reply:

I hope you guys like it :)
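
For defenders, one way to close both problems seen in this write-up (input in _email and _pass changing the SQL syntax, and the PDO warning being echoed to the client). This is an added example, not the target's code: the table, column names and sample account are constructed, and in-memory SQLite stands in for the MySQL backend so it runs offline.

```php
<?php
// Added example, not code from the write-up or the affected site.
// Schema and credentials below are constructed for illustration.
declare(strict_types=1);

function makeDb(): PDO {
    $pdo = new PDO('sqlite::memory:');
    // Raise exceptions instead of emitting "Warning: PDOStatement::execute()" into the page.
    // With pdo_mysql, also set PDO::ATTR_EMULATE_PREPARES to false and keep display_errors off.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (email TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
    $ins = $pdo->prepare('INSERT INTO users (email, pass_hash) VALUES (:e, :h)');
    $ins->execute([':e' => 'admin@example.test', ':h' => password_hash('constructed-pw', PASSWORD_DEFAULT)]);
    return $pdo;
}

function login(PDO $pdo, string $email, string $pass): array {
    try {
        // The placeholder keeps _email as data; it is never spliced into the SQL text.
        $st = $pdo->prepare('SELECT pass_hash FROM users WHERE email = :email');
        $st->execute([':email' => $email]);
        $hash = $st->fetchColumn();   // false when no row matches
        // _pass is checked in PHP against a hash, so it never reaches the query at all.
        $ok = is_string($hash) && password_verify($pass, $hash);
        return ['ok' => $ok, 'msg' => $ok ? 'Welcome' : 'Invalid email or password'];
    } catch (PDOException $e) {
        // Driver details go to the server log only; the client gets a generic message.
        error_log('login query failed: ' . $e->getMessage());
        return ['ok' => false, 'msg' => 'Something went wrong'];
    }
}

$pdo = makeDb();
// The inputs mentioned in the write-up, plus one valid (constructed) credential pair.
$cases = [
    ["'", "'"],
    ["' OR 1=1 /*", "' OR 1=1 /*"],
    ["1'or'1'='1", 'x'],
    ['admin@example.test', 'constructed-pw'],
];
foreach ($cases as [$email, $pass]) {
    $r = login($pdo, $email, $pass);
    printf("%-22s => %s\n", $email, $r['msg']);
}
```

A WAF in front of the original endpoint slowed the testing down but did not remove the flaw; parameter binding in the application is what does.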