SQL injection for $50 bounty, but still worth reading!!

  1. Loaded the URL https://www.redacted.com/aom?utm_source=Frontpage&utm_medium=banner%20popup&utm_campaign=Frontpage%20popup%20June17%20AOM in the Mozilla Firefox browser.
  2. Click on “FOLLOW” and capture the requests in Burp Suite.
  3. Now you will get many requests for the host https://redacted.com; wait for the right endpoint.
  4. I found an endpoint like this:

Sunil Yedla

Bug bounty hunter | QA analyst | Security Researcher