Day 36 comes with a resource related to server misconfigurations and a pretty simple SQL injection found on MEGA.NZ by Naresh LamGade
SQL Injection On MEGA.NZ
From Sam (CoffeeJunkie). Among other vulnerabilities, something that always seemed so interesting and at the same time complex it was SQL injections which achieves different functionalities in the web application and can cause disasters in bad hands. In this case it was pretty interesting to read from Naresh LamGade his write up about finding SQL Injection On Mega.NZ
Naresh LamGade started looking for subdomains where he found
https://stats.admin.mega.nz/ and decided to try a simple SQL injection with just a
(') character and he got a SQL Error. Therefore he proceeds to report it right away.
FULL write up here