Member-only story

SQL injection in largest Electricity Board of Sri Lanka

In this article I’ll describe how I found SQL injection vulnerabilities by bypassing WAF with origin IP, IDOR, and information disclosure bugs.

coffinxp
InfoSec Write-ups

Introduction

SQL Injection is a technique used by attackers to take advantage of vulnerabilities in a websites database. By inserting harmful SQL code into inputs such as forms or search fields they can reach, modify or even erase sensitive information. This vulnerability may result in unauthorized entry, data compromise, or complete server control categorizing SQLi as one of the most significant and prevalent cybersecurity threats.

Story

One day a subscriber reached out and asked if I could test for SQL injection vulnerabilities on their national Electricity Board website which was protected by Cloudflare WAF. As many of you know I often share techniques and methods for identifying SQL injection vulnerabilities so I decided to take on the challenge. So let’s begin with how I discovered this!

How i find this vulnerability

I visited the website and used the Wappalyzer extension to check the site technology stack. The extension revealed that the site was built…

Create an account to read the full story.

The author made this story available to Medium members only.
If you’re new to Medium, create a new account to read this story on us.

Or, continue in mobile web

Already have an account? Sign in

Responses (16)

What are your thoughts?

What a good work.

Thank you for these valuable informations :) keep going bro.

No lo pude leer desde la App Medium porque no tengo suscripción, pero lo leí por otro medio y valió la pena. Excelente artículo 👏🏼👏🏼👏🏼

its premium ....