Open in app

Sign up

Sign in

Write

Sign up

Sign in

Home

Library

Stories

Stats

Mastodon
OSINT Team

We teach OSINT from multiple perspectives. InfoSec experts, journalists, law enforcement and other…

Follow publication

Member-only story

Critical SQL Injection Exploit in URL Paths: Bounty Report

Exposing Critical Vulnerabilities: How a Simple SQL Injection Can Compromise Entire Databases

Karthikeyan Nagaraj
OSINT Team
Published in
3 min read6 days ago

--

Introduction

A recent security report exposed a critical SQL Injection (SQLi) vulnerability within the URL path of an MTN Group web application. This vulnerability, discovered by security researcher @almuntadhar, could potentially allow attackers to gain unauthorized access to sensitive database information. Let’s break down the vulnerability, its impact, and how attackers can exploit such flaws.

Vulnerability Overview

  • Vulnerability Type: SQL Injection in URL Paths
  • Severity: Critical (9.0–10)
  • Reported On: January 26, 2025
  • Disclosed On: March 6, 2025
  • Affected Platform: MTN Group
  • Weakness Category: Improper Input Validation (SQL Injection)

Details of the Vulnerability

The vulnerability was found in the customerId parameter within the following URL path:

https://seesure.admyntec.co.za/customerInsurance/newCustomerStep5Pending/customerId/732562/contactPersonId/0/msisdn/

--

--

OSINT Team
OSINT Team
Follow

Published in OSINT Team

8.9K Followers
Last published 1 day ago

We teach OSINT from multiple perspectives. InfoSec experts, journalists, law enforcement and other intelligence specialists read us to grow their skills faster.

Follow
Karthikeyan Nagaraj
Karthikeyan Nagaraj
Follow

Written by Karthikeyan Nagaraj

10.8K Followers
1 Following

Entrepreneur | Writer | Cyber Security Consultant | AI Researcher TopMate - https://topmate.io/cyberw1ng

Follow

No responses yet

Write a response

What are your thoughts?

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams