Sometime ago, scrolling through the Chrome newsfeed, I came across a story by YourStory about ExpertRight.
YourStory covered ExpertRight and gave info. about this startup from Rajasthan, India.
Basically,
ExpertRight is a platform to hire freelancers for a short time period work. This seemed interesting, though nothing very new, so I checked out their site…
The site was good too & then something happened!
As I was surfing the Freelancer's page, I clicked on a freelancer's profile to check some info. & there I found out that the url was in the .php?id= format.
If you know even some basics about pen-testing, you know this can lead to an SQL Injection… So I tested the site & found that it was indeed vulnerable to SQL Injection Attacks!
To verify,
I registered on the site & then downloaded all the entries from 'users' table in their database (backend MySql) & I did find my info. I straight away fired a tweet (screenshot below) to Ayush Goyal (ExpertRight) about this, and we talked about it.
Of course being a new startup, I was requested to pull off that tweet which I did (screenshot below). But as you can see that the vulnerability was disclosed in January 2020, it still isn't fixed & so I decided to shoot a post about it.
If you are one of those who use the platform, I'd just say to be careful until they fix the issues.
