Day 36/100 Hack and Improvement

less than 1 minute read

Day 36 comes with a resource related to server misconfigurations and a pretty simple SQL injection found on MEGA.NZ by Naresh LamGade

From Rajesh Ranjan. Here is the link of writeup.

SQL Injection On MEGA.NZ

From Sam (CoffeeJunkie). Among other vulnerabilities, something that always seemed so interesting and at the same time complex it was SQL injections which achieves different functionalities in the web application and can cause disasters in bad hands. In this case it was pretty interesting to read from Naresh LamGade his write up about finding SQL Injection On Mega.NZ

Naresh LamGade started looking for subdomains where he found https://stats.admin.mega.nz/ and decided to try a simple SQL injection with just a (') character and he got a SQL Error. Therefore he proceeds to report it right away.

FULL write up here

Leave a comment