How I Found SQL Injection on intensedebate.com (H1) in 5 Minutes ($350)

I'm here to tell you how I found a SQL injection on this HackerOne program's website in just 5 minutes and got $350 without any recon tools.

I just used my head and a Google search. After 2 or 3 minutes I found a zip on the website, at https://intensedebate.com/intensedebate.zip. I downloaded this zip and saw the source code of some PHP files, like this:

<img src="http://intensedebate.com/midimages/<?php echo get_usermeta($user_ID, 'id_userID'); ?>" alt="[Avatar]" class="idwp-avatar" />
<h3 class="idwp-floatnone"><?php printf(__('Synchronizing as %s', 'intensedebate'), '<a href="http://www.intensedebate.com/people/'.get_usermeta($user_ID, 'id_username').'">'.get_usermeta($user_ID, 'id_username').'</a>'); ?></h3>
<p class="idwp-floatnone"><a href="http://www.intensedebate.com/userDash"><?php _e('Dashboard', 'intensedebate'); ?></a> | <a href="http://www.intensedebate.com/editprofile"><?php _e('Edit profile', 'intensedebate'); ?></a></p>
<p><a href="options-general.php?id_settings_action=user_disconnect" id="id_user_disconnect"><?php _e('Disconnect from IntenseDebate') ?></a></p>
<span class="idwp-clear"></span>
<p class="idwp-nomargin"><?php _e('All WordPress comments are now synchronized with the IntenseDebate account above. <a href="http://www.intensedebate.com/wordpress#userSync">Read more here</a>.', 'intensedebate'); ?></p>
<p></p>

After reading the PHP source code I saw too many errors in the URLs and the source, and I found this URL:

https://www.intensedebate.com/js/importStatus.php?acctid=1

I used sqlmap to dump the database and saw it was done. So nice.
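The post gives the injectable URL but not the server-side code behind it. As an added example (not code from intensedebate.zip, the WordPress plugin, or the HackerOne report), here is a hypothetical reconstruction in PHP of a handler for an acctid parameter: the unsafe string-concatenation pattern that makes a parameter like this injectable, beside a hardened version that validates the value as a positive integer and binds it with a PDO prepared statement. The table import_status, its columns, the function names and the SQLite DSN are all assumptions.

```php
<?php
// Added example (not code from intensedebate.zip or the HackerOne report).
// Hypothetical reconstruction of a status endpoint that reads ?acctid= from the URL.
// Table/column names (import_status, acct_id, status, updated_at) and the DSN are assumptions.

declare(strict_types=1);

// UNSAFE pattern: the request parameter is concatenated straight into the query text,
// so whatever the client sends becomes part of the SQL statement itself.
function importStatusUnsafe(PDO $db, array $get): ?array
{
    $acctid = $get['acctid'] ?? '';
    $sql = "SELECT status, updated_at FROM import_status WHERE acct_id = " . $acctid;
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// HARDENED pattern: validate the type first, then bind the value with a prepared
// statement so the database always treats it as data, never as SQL.
function importStatusSafe(PDO $db, array $get): ?array
{
    $acctid = filter_var($get['acctid'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($acctid === false) {
        // Reject anything that is not a positive integer before any SQL runs.
        http_response_code(400);
        return null;
    }

    $stmt = $db->prepare('SELECT status, updated_at FROM import_status WHERE acct_id = :acctid');
    $stmt->bindValue(':acctid', $acctid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Self-contained demo on an in-memory SQLite database so the file runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE import_status (acct_id INTEGER PRIMARY KEY, status TEXT, updated_at TEXT)');
$db->exec("INSERT INTO import_status VALUES (1, 'done', '2020-12-01')");
$db->exec("INSERT INTO import_status VALUES (2, 'pending', '2020-12-02')");

// Constructed sample requests: a well-formed id and a non-integer value.
var_dump(importStatusSafe($db, ['acctid' => '1']));      // the row for account 1
var_dump(importStatusSafe($db, ['acctid' => '1 abc']));  // NULL: rejected by validation
```

The validation step and the bound parameter are independent defences: even if a future change relaxes the filter, the prepared statement alone keeps the parameter out of the SQL grammar, and even without the prepared statement, the integer filter would have stopped this particular bug. A code review looking for the unsafe pattern above (a request value reaching a query string through concatenation or interpolation) is the quickest way to find the same class of issue elsewhere in a codebase.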

My report: https://hackerone.com/reports/1069561
