SQL Injection Via Stopping redirection to a login page

Abde Ouabala
Mar 3, 2020

Hi everyone,

In this simple, small write-up, I’ll describe how I was able to exploit a SQL injection vulnerability via stopping the redirection to an admin login page!

Actually, while testing a subdomain related to the Razer company called “rsa3072.razersynapse.com”,

I went to access the /admin page → page 200 → redirects again to the login page. I decided to stop the redirection using a known extension named “Noredirect”, and here is exactly what I got (see the image below)!

Actually, this is a bypass for the /admin part! We got a lot of sensitive data like game keys, emails, user creds, ...

After that I decided to search for more links; maybe there would be something interesting!

Accessed a game link, which looks like → /source-data/view?source_data_id=[id]

Tried to inject (‘) after the id, got a 500 internal server error!

Tried a SQL injection command to see if the response would return to 200! The first thing I tried was order by 1- -, and yes, I was right! The page returned 200 OK.

So I decided to use sqlmap for auto-detecting the type of injection and for easy injecting!

Here is a small picture to show the final injection with sqlmap. Never forget to stop the redirection while injecting with the sqlmap tool, cuz it will automatically redirect you to the login page, so no injection can be performed there!

For manual injection, I’ll show it in other write-ups, Inshallah!

So that’s all!
Thank you for reading!

Regards,

St00rm
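
The two server-side flaws this write-up runs into, sketched as an added example (not code from the write-up or from the affected site): a handler that asks for a redirect but still sends the protected body and concatenates the id into SQL, next to a version that ends the request when authorization fails and binds a validated id. The table, session flag and handler names are assumptions, as is how the real site issued its redirect.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data; the table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE source_data (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO source_data VALUES (?, ?)",
                   [(1, "game-a"), (2, "game-b")])
    return db

def respond(status, body="", redirect=None):
    return {"status": status, "redirect": redirect, "body": body}

def view_vulnerable(db, session, source_data_id):
    """Flawed: the redirect is only a hint and the id is concatenated into SQL."""
    redirect = None if session.get("admin") else "/login"
    try:
        rows = db.execute(
            "SELECT id, title FROM source_data WHERE id = " + source_data_id
        ).fetchall()
    except sqlite3.Error:
        return respond(500, redirect=redirect)
    # The protected body is sent even when a redirect was requested.
    return respond(200, repr(rows), redirect)

def view_hardened(db, session, source_data_id):
    """Fixed: failed authorization ends the request; the id is validated and bound."""
    if not session.get("admin"):
        return respond(302, redirect="/login")  # no query runs, no body is sent
    if not re.fullmatch(r"[0-9]{1,9}", source_data_id):
        return respond(400)  # reject anything that is not a plain integer
    rows = db.execute(
        "SELECT id, title FROM source_data WHERE id = ?", (int(source_data_id),)
    ).fetchall()
    return respond(200 if rows else 404, repr(rows) if rows else "")

if __name__ == "__main__":
    db = make_db()
    for handler in (view_vulnerable, view_hardened):
        for sid in ("1", "1'"):  # constructed inputs: a valid id and a stray quote
            print(handler.__name__, repr(sid), handler(db, {}, sid))
```

A client that ignores the redirect gets nothing from the hardened handler, because the authorization check returns before any query or rendering happens.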
