Sometime ago, scrolling through the Chrome newsfeed, I came across a story by YourStory about ‘ExpertRight‘.
YourStory covered ExpertRight and gave info. about this startup from Rajasthan, India.
Basically,
ExpertRight is a platform to hire freelancers for a short time period work.
This seemed interesting, though nothing very new so I checked out their site…
The site was good too & then something happened!
As I was surfing the Freelancer’s page, I clicked on a freelancer’s profile to check some info. & there I found out that the url was in the ‘.php?id=’ format.
If you know even some basics about pentesting, you know this can lead to an SQL Injection… So I tested the site & found that it was indeed vulnerable to SQL Injection Attacks!
To verify,
I registered on the site & then downloaded all the entries from ‘users’ table in their database (backend MySql) & I did find my info. I straight away fired a tweet (screenshot below) to Ayush Goyal (ExpertRight) about this and we talked about it.
Of course being a new startup, I was requested to pull off that tweet which I did (screenshot below). But as you can see that the vulnerability was disclosed in January 2020, it still isn’t fixed & so I decided to shoot a post about it.
If you are one of those who are actually using the platform, I’d just say to be careful until they fix the vulnerability.
Leave a Reply