How I Found Sql Injection on intensedebate.com (h1) in 5 minute $350

Ahmad A Abdulla
2 min readMay 4, 2021

--

I’m here to tell you how I found SQL injection on this website at HackerOne just in 5 minutes and I got 350$ without any tools to recon

just I used my mind and google search after 2 or 3 minutes I found a zip on a website like https://intensedebate.com/intensedebate.zip I downloaded this zip I saw source code of some file PHP like this

<img src=”http://intensedebate
.com/midimages/<?php echo get_usermeta($user_ID, ‘id_userID’);?>” alt=”[Avatar]” class=”idwp-avatar” />
<h3 class=”idwp-floatnone”><?php printf(__(‘Synchronizing as %s’, ‘intensedebate
‘), ‘<a href=”http://www.intensedebate
.com/people/'.get_usermeta($user_ID, ‘id_username’).’”>’.get_usermeta($user_ID, ‘id_username’).’</a>’); ?></h3>
<p class=”idwp-floatnone”><a href=”http://www.intensedebate
.com/userDash"><?php _e(‘Dashboard’, ‘intensedebate
‘); ?></a> | <a href=”http://www.intensedebate
.com/editprofile”><?php _e(‘Edit profile’, ‘intensedebate
‘); ?></a></p>
<p><a href=”options-general.php?id_settings_action=user_disconnect” id=”id_user_disconnect”><?php _e(‘Disconnect from IntenseDebate
‘) ?></a></p>
<span class=”idwp-clear”></span>
<p class=”idwp-nomargin”><?php _e(‘All WordPress comments are now synchronized with the IntenseDebate
account above. <a href=”http://www.intensedebate
.com/wordpress#userSync”>Read more here</a>.’, ‘intensedebate
‘); ?></p>
<p></p>

after I read source code PHP I saw too many errors on the URL and source code and I found this URL

https://www.intensedebate.com/js/importStatus.php?acctid=1

and I used sqlmap to dump the database i saw it’s done soo nice

my report https://hackerone.com/reports/1069561

lu3ky13 is on @buymeacoffee! 🎉

You can support by buying a coffee ☕️ here —
https://www.buymeacoffee.com/lu3ky13

--

--

Responses (2)