Cookie Consent by Free Privacy Policy Generator ๐Ÿ“Œ Zomato: Solr Injection in `user_id` parameter at :/v2/leaderboard_v2.json

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security



๐Ÿ“š Zomato: Solr Injection in `user_id` parameter at :/v2/leaderboard_v2.json


๐Ÿ’ก Newskategorie: Sicherheitslรผcken
๐Ÿ”— Quelle: vulners.com


image
@zzzhacker13 identified a Solr Injection on the user_id parameter at :/v2/leaderboard_v2.json. Our team analyzed internally and found that onlyย fq={injection}ย was possible on the Solr endpoint, hence the Solr injection was of low impact since there was no way to escalate it to exfiltrate data, one could have just changed the filter query but it wasn't possible to update the fields or anything with these methods. After the report from @zzzhacker13, the team started analyzing the endpoint and discovered an SQLi (boolean based blind SQLi) on another parameter in the same codebase. We went ahead and fixed the issue. The SQL injection, however, was critical as per our internal metrics, hence we considered this to be critical because it was discovered as an indirect effect of this report and rewarded the max bounty as per our policies. | Action | Timeline (6 Aug, 2020) | |---|---| | Reported | 18:18 IST | | Investigation started | 18:23 IST | | Report validated | 18:30 IST | | Initial contact | 18:56 IST | | SQLi identified (internally) | 19:08 IST | | Triaged | 19:12 IST | | Patch PR released and merged | 19:40 IST | | Patch deployed | 22:00 IST | | Severity updated | 22:51 IST | | Rewarded | 23:12 IST | Thanks, Zomato Security... ...



๐Ÿ“Œ Zomato: Solr Injection in `user_id` parameter at :/v2/leaderboard_v2.json


๐Ÿ“ˆ 125.61 Punkte

๐Ÿ“Œ Zomato: [www.zomato.com] Availing Zomato Gold membership for free by tampering plan id(s)


๐Ÿ“ˆ 63.68 Punkte

๐Ÿ“Œ Zomato: [api.zomato.com] Abusing LocalParams (city_id) to Inject SOLR query


๐Ÿ“ˆ 61 Punkte

๐Ÿ“Œ Zomato: Improper validation allows user to unlock Zomato Gold multiple times at the same restaurant within one day


๐Ÿ“ˆ 42.45 Punkte

๐Ÿ“Œ Zomato: Open AWS S3 bucket leaks all Images uploaded to Zomato chat


๐Ÿ“ˆ 42.45 Punkte

๐Ÿ“Œ Zomato: [www.zomato.com] Blind XSS on one of the Admin Dashboard


๐Ÿ“ˆ 42.45 Punkte

๐Ÿ“Œ Zomato: Zomato Map server going out of memory while resizing map image


๐Ÿ“ˆ 42.45 Punkte

๐Ÿ“Œ Zomato: Availing Zomato gold by using a random third-party `wallet_id`


๐Ÿ“ˆ 42.45 Punkte

๐Ÿ“Œ CVE-2019-12409 | Apache Solr 8.1.1/8.2.0 Configuration File solr.in.sh unrestricted upload (K23720587)


๐Ÿ“ˆ 37.09 Punkte

๐Ÿ“Œ Solr-GRAB - Steal Apache Solr Instance Queries With Or Without A Username And Password


๐Ÿ“ˆ 37.09 Punkte

๐Ÿ“Œ Zomato: Ability to manipulate price with a max threshold of `<1 Rupee` in support rider parameter


๐Ÿ“ˆ 30.95 Punkte

๐Ÿ“Œ Apache Solr 8.2.0 DataImportHandler Parameter weak authentication


๐Ÿ“ˆ 28.27 Punkte

๐Ÿ“Œ CVE-2019-10752 | Sequelize up to 4.44.2 JSON Query sequelize.json sql injection


๐Ÿ“ˆ 26.92 Punkte

๐Ÿ“Œ Aj Square AJDating 1.0 view_profile.php user_id sql injection


๐Ÿ“ˆ 25.59 Punkte

๐Ÿ“Œ phpx 3.5.15 gallery.php user_id sql injection


๐Ÿ“ˆ 25.59 Punkte

๐Ÿ“Œ DigitalHive 2.0 Rc2 gestion_membre.php user_id sql injection


๐Ÿ“ˆ 25.59 Punkte

๐Ÿ“Œ EQdkp 1.3.2f User Authentication login.php user_id sql injection


๐Ÿ“ˆ 25.59 Punkte

๐Ÿ“Œ dotProject 2.1.2 index.php user_id sql injection


๐Ÿ“ˆ 25.59 Punkte

๐Ÿ“Œ PHPAuctions Nil profile.php user_id sql injection


๐Ÿ“ˆ 25.59 Punkte

๐Ÿ“Œ ASP Portal add_edit_user.asp user_id sql injection


๐Ÿ“ˆ 25.59 Punkte

๐Ÿ“Œ PHPX users.php user_id sql injection


๐Ÿ“ˆ 25.59 Punkte

๐Ÿ“Œ Warphd Com Jvideo 0.3.6 index.php user_id sql injection


๐Ÿ“ˆ 25.59 Punkte

๐Ÿ“Œ PHPSHE 1.7 admin.php user_id[] sql injection


๐Ÿ“ˆ 25.59 Punkte

๐Ÿ“Œ K-iwi Framework 1775 admin/user/group/update user_id sql injection


๐Ÿ“ˆ 25.59 Punkte

๐Ÿ“Œ BlueCMS 1.6 user.php user_id sql injection


๐Ÿ“ˆ 25.59 Punkte

๐Ÿ“Œ [webapps] Stock Management System 1.0 - 'user_id' Blind SQL injection (Authenticated)


๐Ÿ“ˆ 25.59 Punkte

๐Ÿ“Œ #0daytoday #Stock Management System 1.0 - (user_id) Blind SQL injection Vulnerability [#0day #Exploit]


๐Ÿ“ˆ 25.59 Punkte

๐Ÿ“Œ CVE-2022-34621 | Mealie 1.0.0beta3 user_id resource injection


๐Ÿ“ˆ 25.59 Punkte

๐Ÿ“Œ CVE-2022-24187 | Ourphoto App 1.4.1 on iOS /device/ user_id/device_id resource injection


๐Ÿ“ˆ 25.59 Punkte

๐Ÿ“Œ CVE-2023-1035 | SourceCodester Clinics Patient Management System 1.0 update_user.php user_id sql injection


๐Ÿ“ˆ 25.59 Punkte

๐Ÿ“Œ CVE-2020-26625 | Gila CMS up to 1.15.4 user_id sql injection (ID 176301)


๐Ÿ“ˆ 25.59 Punkte

๐Ÿ“Œ CVE-2024-0475 | code-projects Dormitory Management System 1.0 modifyuser.php user_id sql injection


๐Ÿ“ˆ 25.59 Punkte

๐Ÿ“Œ CVE-2019-18663 | ARP-GUARD 4.0.0-5 /login/forgot1 user_id sql injection


๐Ÿ“ˆ 25.59 Punkte

๐Ÿ“Œ CVE-2023-1940 | SourceCodester Simple and Beautiful Shopping Cart System 1.0 delete_user_query.php user_id sql injection


๐Ÿ“ˆ 25.59 Punkte

๐Ÿ“Œ CVE-2023-6312 | SourceCodester Loan Management System 1.0 Users Page deleteUser.php delete_user user_id sql injection


๐Ÿ“ˆ 25.59 Punkte











matomo