Found a security vulnerability in a healthcare application used by several businesses across Italy.
It was a basic SQL injection vulnerability, which surprised me to even find it in an application which was just released. The vuln could leak customer phone numbers, if you knew the username, you could reliably leak the associated phone number.
After sending a detailed report to the service provider, they fixed it in a couple of days.
It was a basic SQL injection vulnerability, which surprised me to even find it in an application which was just released. The vuln could leak customer phone numbers, if you knew the username, you could reliably leak the associated phone number.
After sending a detailed report to the service provider, they fixed it in a couple of days.