Critical SQL Injection Exploit in URL Paths: Bounty Report

Karthikeyan Nagaraj
Published in OSINT Team
3 min read · 5 days ago

Introduction

A recent security report exposed a critical SQL Injection (SQLi) vulnerability within the URL path of an MTN Group web application. This vulnerability, discovered by security researcher @almuntadhar, could potentially allow attackers to gain unauthorized access to sensitive database information. Let’s break down the vulnerability, its impact, and how attackers can exploit such flaws.

Vulnerability Overview

  • Vulnerability Type: SQL Injection in URL Paths
  • Severity: Critical (9.0–10)
  • Reported On: January 26, 2025
  • Disclosed On: March 6, 2025
  • Affected Platform: MTN Group
  • Weakness Category: Improper Input Validation (SQL Injection)

Details of the Vulnerability

The vulnerability was found in the customerId parameter within the following URL path:

https://seesure.admyntec.co.za/customerInsurance/newCustomerStep5Pending/customerId/732562/contactPersonId/0/msisdn/
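To show why a value carried as a path segment needs the same handling as any query-string parameter, here is an added example (not from the original article or the affected application) that parses a path in the same key/value layout and compares a string-built query with a validated, parameterized one. The Python/sqlite3 backend, the `customers` table and all function names are assumptions; the report does not describe the real backend.

```python
import sqlite3
from urllib.parse import unquote

# Path only (host omitted), in the same key/value layout as the URL in the report.
SAMPLE_PATH = ("/customerInsurance/newCustomerStep5Pending"
               "/customerId/732562/contactPersonId/0/msisdn/")
# Constructed regression-test input: a non-numeric customerId segment.
TAMPERED_PATH = SAMPLE_PATH.replace("732562", "732562%20OR%201=1")


def parse_path_params(path, prefix_segments=2):
    """Turn /ctrl/action/key/value/... into a dict; a trailing key maps to ''."""
    parts = [unquote(p) for p in path.strip("/").split("/")[prefix_segments:]]
    if len(parts) % 2:
        parts.append("")
    return dict(zip(parts[0::2], parts[1::2]))


def make_db():
    """Hypothetical schema; the report does not describe the real one."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)",
                   [(732562, "alice"), (732563, "bob")])
    return db


def lookup_vulnerable(db, path):
    """Anti-pattern: the path segment becomes part of the SQL text."""
    cid = parse_path_params(path)["customerId"]
    return db.execute(f"SELECT name FROM customers WHERE id = {cid}").fetchall()


def lookup_hardened(db, path):
    """Allow-list the segment, then bind it as a parameter."""
    cid = parse_path_params(path).get("customerId", "")
    if not (cid.isascii() and cid.isdigit() and len(cid) <= 12):
        raise ValueError("customerId must be a short decimal integer")
    return db.execute("SELECT name FROM customers WHERE id = ?",
                      (int(cid),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, TAMPERED_PATH))   # filter no longer restricts rows
    try:
        lookup_hardened(db, TAMPERED_PATH)
    except ValueError as exc:
        print("rejected:", exc)
```

The tampered path makes a useful regression test: the hardened handler must reject it before any SQL is executed.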
