Critical SQL Injection Exploit in URL Paths: Bounty Report

Exposing Critical Vulnerabilities: How a Simple SQL Injection Can Compromise Entire Databases

Karthikeyan Nagaraj
Published in OSINT Team
3 min read · 6 days ago

Introduction

A recent security report exposed a critical SQL Injection (SQLi) vulnerability within the URL path of an MTN Group web application. This vulnerability, discovered by security researcher @almuntadhar, could potentially allow attackers to gain unauthorized access to sensitive database information. Let’s break down the vulnerability, its impact, and how attackers can exploit such flaws.

Vulnerability Overview

  • Vulnerability Type: SQL Injection in URL Paths
  • Severity: Critical (9.0–10)
  • Reported On: January 26, 2025
  • Disclosed On: March 6, 2025
  • Affected Platform: MTN Group
  • Weakness Category: Improper Input Validation (SQL Injection)

Details of the Vulnerability

The vulnerability was found in the customerId parameter within the following URL path:

https://seesure.admyntec.co.za/customerInsurance/newCustomerStep5Pending/customerId/732562/contactPersonId/0/msisdn/
