SQLI via stopping the redirection to a login page

medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 17 hours ago · bug-bounty
quality 5/10 · average
0 net
AI Summary

Researcher discovered SQL injection in Razer's admin panel by bypassing redirect-to-login protections using the Noredirect browser extension, allowing access to sensitive data including game keys and user credentials via the /source-data/view endpoint.

Entities
rsa3072.razersynapse.com Razer Noredirect sqlmap Abde Ouabala
SQL Injection Via Stopping the Redirection to a Login Page
by Abde Ouabala · ~2 min read · March 3, 2020 (Updated: December 13, 2021)

Hi everyone,

In this simple, small write-up, I'll describe how I was able to exploit a SQL injection vulnerability via stopping the redirection to a login (admin) page!

Actually, while testing on a subdomain related to the Razer company called "rsa3072.razersynapse.com", I tried to access the /admin page → the page returned 200 → then it redirected again to the login page. I decided to stop the redirection using a known extension named "Noredirect", and here is exactly what I got (see the image below)!

Actually, this is a bypass for the /admin part! We got a lot of sensitive data like game keys, emails, user creds, ...

After that I decided to search for more links; maybe there would be something interesting! I accessed a game link, which looked like → /source-data/view?source_data_id=[id]. I tried to inject (') after the id and got a 500 Internal Server Error! Then I tried a SQL injection command to see if the response would return to 200. The first thing I tried was order by 1--, and yes, I was right! The page returned 200 OK.

So I decided to use sqlmap for auto-detecting the type of injection and for easy injecting! Here is a small picture to show the final injection with sqlmap. Never forget to stop the redirection while injecting with the sqlmap tool, because it will automatically redirect you to the login page, so no injection can be performed there!

For manual injection, I'll cover that in other write-ups, Inshallah!

So that's all! Thank you for reading!

Regards,
St00rm
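As an added defender-side illustration (not code from the original post, and not Razer's code), the two handlers below model the pair of defects the write-up describes: an admin view whose content is produced and merely has a redirect attached to it, so that stopping the redirect exposes the content, and a `source_data_id` parameter spliced straight into SQL. The fixed handler decides authorization before doing any work, sends the redirect with an empty body, and validates and binds the id. The `/login` path, the `view_unsafe`/`view_safe` names and the sample table are assumptions constructed for the example.

```python
import sqlite3

LOGIN_URL = "/login"  # assumed login path; the write-up does not name it


def make_db() -> sqlite3.Connection:
    # Constructed sample table standing in for the game-key data; not the real schema.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE source_data (source_data_id INTEGER PRIMARY KEY, game_key TEXT)")
    conn.executemany("INSERT INTO source_data VALUES (?, ?)", [(1, "KEY-AAAA"), (2, "KEY-BBBB")])
    return conn


def view_unsafe(conn, session, source_data_id):
    """Pattern the write-up implies: the handler runs and produces the page first, the
    redirect is bolted on afterwards, and the id is concatenated into the SQL string.
    Returns (status, headers, body)."""
    headers = {} if session.get("user") else {"Location": LOGIN_URL}
    try:
        rows = conn.execute(
            f"SELECT game_key FROM source_data WHERE source_data_id={source_data_id}"
        ).fetchall()
    except sqlite3.Error:
        return 500, headers, ""  # the 500 the author saw after appending a quote
    # Data leaves the server whether or not the client honours the redirect.
    return 200, headers, ",".join(r[0] for r in rows)


def view_safe(conn, session, source_data_id):
    """Fixed version: authorization is decided before any work, the 302 carries no body,
    and the id is validated and bound as a query parameter."""
    if not session.get("user"):
        return 302, {"Location": LOGIN_URL}, ""
    if not source_data_id.isdigit():
        return 400, {}, ""  # quotes, ORDER BY, comments: rejected, never reach the parser
    rows = conn.execute(
        "SELECT game_key FROM source_data WHERE source_data_id=?", (int(source_data_id),)
    ).fetchall()
    if not rows:
        return 404, {}, ""
    return 200, {}, ",".join(r[0] for r in rows)
```

A detection-side takeaway from the unsafe handler: a 302 or redirecting 200 whose body is non-empty, and a 500 triggered by a single quote in a numeric parameter, are both signals worth alerting on in access and error logs.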
#security #bug-bounty #noob #testing #web-apps