Poc

A SQL injection vulnerability was identified on the Hyundai Spain website, which could allow unauthorized access to sensitive data and potentially lead to significant business impacts. The attacker provided a specific URL that demonstrates the vulnerability and urged for remediation by checking the database. The document also includes a request for clarification on various unrelated topics, indicating the sender's intent to contribute positively to the website's security.

Uploaded by

Mahmoud Ramadan

Vulnerability name:

SQL Injection / GET

I found this security vulnerability on one of your websites, namely:


Hyundai Spain: http://hyundai.es

Path:
http://hyundai.es/accesorios/index.php?route=product%2Fcategory&path=135_59_158_159&family_id=[t&fbclid=IwAR1NC2M33w-TJCjWYzk9iLkQDCpYSUAJ14fvlMYA0b9pJLzcDULfGEKzhrE

Security Impact :
SQL injection, also known as SQLI, is a common attack vector that uses malicious
SQL code for backend database manipulation to access information that was not
intended to be displayed. This information may include any number of items,
including sensitive company data, user lists or private customer details.

The impact SQL injection can have on a business is far-reaching. A successful
attack may result in the unauthorized viewing of user lists, the deletion of entire
tables and, in certain cases, the attacker gaining administrative rights to a
database, all of which are highly detrimental to a business.

When calculating the potential cost of an SQLi, it’s important to consider the loss
of customer trust should personal information such as phone numbers, addresses, and
credit card details be stolen.

Remediation :
I will show you the error link that led to the SQL injection, so please check the
database and try to fix this error.

Poc :

path for security vulnerability:


http://hyundai.es/accesorios/index.php?route=product%2Fcategory&path=135_59_158_159&family_id=[t&fbclid=IwAR1NC2M33w-TJCjWYzk9iLkQDCpYSUAJ14fvlMYA0b9pJLzcDULfGEKzhrE

Database name : hyundai_accesorios

Version: 5.5.51

Server type: Apache

User: hyuacc@localhost

And I left pictures of some tables and columns in the database.

And I acknowledge all the terms and conditions that you have put in place, and my
goal is to contribute to the improvement of your protection. Thank you.
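
The remediation the report asks for, shown as an added example that is not part of the original report or the site's code: the `family_id` value from the URL above is first concatenated into the query text (producing the database error) and then handled by allow-list validation plus a bound parameter. The table, column and function names are hypothetical, and an in-memory SQLite database stands in for the MySQL server named in the report.

```python
import sqlite3

def make_db():
    """Constructed stand-in schema; the real site's tables are not on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE product "
               "(id INTEGER PRIMARY KEY, family_id INTEGER, name TEXT)")
    db.executemany("INSERT INTO product (family_id, name) VALUES (?, ?)",
                   [(7, "roof rack"), (7, "floor mats"), (9, "tow bar")])
    return db

def products_concat(db, raw):
    """The 'before' pattern: the GET value is pasted into the SQL text."""
    sql = "SELECT name FROM product WHERE family_id = " + raw + " ORDER BY id"
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        # The parser saw the request value as SQL; this error is the symptom.
        return "DB error: %s" % exc

def parse_family_id(raw):
    """Allow-list check: family_id must be a short ASCII decimal integer."""
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 9):
        raise ValueError("invalid family_id")
    return int(raw)

def products_safe(db, raw):
    """Validate first, then bind the value so it never becomes SQL text."""
    try:
        family_id = parse_family_id(raw)
    except ValueError:
        return []  # answer with HTTP 400 or an empty listing; no query is run
    cur = db.execute(
        "SELECT name FROM product WHERE family_id = ? ORDER BY id",
        (family_id,))
    return [row[0] for row in cur]

if __name__ == "__main__":
    db = make_db()
    for value in ("7", "[t"):  # "[t" is the family_id value in the reported URL
        print(repr(value), "concat:", products_concat(db, value))
        print(repr(value), "safe:  ", products_safe(db, value))
```
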

Atlantis
https://www.kids.almo7eb.com/play-2677.html

https://www.bshwat.com/video/watch.php?vid=43b9605c1

Hello,
I apologize for the inconvenience, but I am sending you this mail to confirm my
desire to complete the procedures with you.

In addition to that, I was facing a problem with the internet, so I wanted to make
sure that you had received my previous message.

Thank you, with all my appreciation.

With my respect,
Mahmoud Ramadan

But may I ask about something?

What kind of content will I be presenting to the students? Is it content of my choosing or of yours?

And can you give me more details about the course I will be presenting, in terms of the price of that course?

And how will my salary be transferred when I finish my work?

I apologize for these questions, but these points were not clear.
