How I hacked RD Sharma’s Publisher Website?

Abhay Vishwakarma
Oct 3, 2024

This is a story from when I was in 11th class. One day I was searching the internet to buy a maths book, and RD Sharma was one of the best books for board prep, so I thought I would buy it.

While searching on the internet, I found the website of RD Sharma’s publisher, which is also an e-commerce website that sells their books online. I also noticed that the website uses PHP, so I thought, let’s give it a try and find something exploitable.

The first thing that caught my attention was the button to log in to the admin panel. When I clicked on it, it took me to the login page, which uses PHP and MySQL for authentication. So I tried to exploit it using SQL injection with the most basic payload, ' or 1=1 --, and it worked.

In that admin panel, I was able to manage orders and inventory, so I decided to inform the support team. They were very quick: they fixed that bug on the same day and also gifted me the RD Sharma book as a reward.

Mail

Thanks to the publishers for that book.
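
The post shows neither the site's code nor the fix, so the following is an added example (not the publisher's code) of why a PHP login that concatenates input into its query accepts the payload mentioned above, next to the same check with bound parameters. It assumes an in-memory SQLite database standing in for MySQL; the table, column and function names are hypothetical and the account row is constructed.

```php
<?php
// Added illustration: SQLite in memory stands in for the site's MySQL database.
// Table, column and function names are hypothetical; the sample row is constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admins (username TEXT PRIMARY KEY, pw_sha256 TEXT NOT NULL)');
$pdo->prepare('INSERT INTO admins VALUES (?, ?)')
    ->execute(['admin', hash('sha256', 'correct horse battery')]);
// SHA-256 is used only so both functions differ in query construction alone;
// real password storage should use password_hash() and password_verify().

// Vulnerable pattern: $user is pasted into the SQL text. A quote in the input
// closes the string literal, and everything after it is parsed as SQL.
function login_concat(PDO $pdo, string $user, string $pass): bool
{
    $digest = hash('sha256', $pass);
    $sql = "SELECT username FROM admins "
         . "WHERE username = '$user' AND pw_sha256 = '$digest'";
    return $pdo->query($sql)->fetch() !== false;
}

// Hardened pattern: the query text is fixed and the input is sent as bound
// parameters, so it is only ever compared as data.
function login_prepared(PDO $pdo, string $user, string $pass): bool
{
    $stmt = $pdo->prepare(
        'SELECT username FROM admins WHERE username = ? AND pw_sha256 = ?'
    );
    $stmt->execute([$user, hash('sha256', $pass)]);
    return $stmt->fetch() !== false;
}

// Constructed inputs: a valid login, a wrong password, and the post's payload.
$cases = [
    ['admin', 'correct horse battery'],
    ['admin', 'wrong'],
    ["' or 1=1 -- ", 'x'],
];
foreach ($cases as [$user, $pass]) {
    printf(
        "%-18s concat=%-5s prepared=%s\n",
        json_encode($user),
        var_export(login_concat($pdo, $user, $pass), true),
        var_export(login_prepared($pdo, $user, $pass), true)
    );
}
```

With the payload as the username, the concatenated query's WHERE clause becomes `username = '' or 1=1` with the password test commented out, so it matches every row; the prepared version looks for a user literally named with that string and finds none.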
