08-05-2025, 08:49 AM
Hello everyone! This is my first post, where I want to share a very simple vulnerability I found at IZZI, one of the largest internet service providers in Mexico. To exploit it, you just need to access the login panel or the password recovery section, enter some fake credentials, capture the request with Burp Suite, and pass it to SQLMap. I was unsuccessful extracting the tables, possibly due to a bug in SQLMap. See:
https://github.com/sqlmapproject/sqlmap/issues/4613
If anyone manages to extract the tables, I'd love a direct message so we can work together and see what could have been done. This is not for profit or anything like that; it's just a vulnerability I wanted to share here.
https://imgur.com/a/8FeT7l5
https://github.com/sqlmapproject/sqlmap/issues/4613
If anyone manages to extract the tables, I'd love a direct message so we can work together and see what could have been done. This is not for profit or anything like that; it's just a vulnerability I wanted to share here.
https://imgur.com/a/8FeT7l5