Summary

  • Security researcher Akash Mahajan discovered a SQL injection vulnerability on a government portal that could have allowed malicious users to extract sensitive data from the database.
  • The vulnerability resided in the search functionality of the government website, which displayed an error message disclosing a SQL syntax error when a specifically constructed search string was entered.
  • This type of error indicates that the database is vulnerable to SQL injection, which enables potential attackers to manipulate SQL queries to gain unauthorized access to, or modify the content of, the database.
  • The issue was responsibly reported to the authorities and has since been patched.
  • The researcher outlines the steps he took to discover and validate the vulnerability in a bid to encourage fellow security enthusiasts to investigate and improve the security of public-facing applications.

By Akash Ghosh
