Summary
A vulnerability was found in the engage platform: an internal server error message exposes sensitive information about the servers, including an SQL table, which could lead to SQL injection.
Severity
Low - This vulnerability discloses partial information that is not immediately exploitable.
Proof of Concept
- Go to https://www.letsengage.com/google-form
- Fill in the form, enter text with some strange string encoding (I don’t exactly know what; looking at the error, something that latin1_swedish_ci cannot represent) in one of the input fields (I don’t know which one).
- Go to the end of the form by filling in all the inputs.
- Click submit.
- …
- Get the error message.
Timeline
Date reported: 09/20/2024
Date fixed:
Date disclosed: 1/10/2025
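
A server-side mitigation for the error disclosure described in this report, as an added example that is not the engage platform's code: it rejects text the column charset cannot store with a 400 and replaces database error detail with an opaque reference. `handle_submit`, `insert_row`, `DatabaseError`, the table and field names, and the assumption that the columns use MySQL latin1 (approximated by Python's cp1252 codec) are all hypothetical.

```python
import logging
import uuid

log = logging.getLogger("form")

# Assumption: the form's columns use MySQL's latin1 charset, approximated here
# by Python's cp1252 codec (MySQL latin1 is cp1252-based).
COLUMN_CODEC = "cp1252"


class DatabaseError(Exception):
    """Stand-in for the database driver's exception type (hypothetical)."""


def unrepresentable_fields(fields):
    """Return names of fields whose text cannot be stored in the column charset."""
    bad = []
    for name, value in fields.items():
        try:
            value.encode(COLUMN_CODEC)
        except UnicodeEncodeError:
            bad.append(name)
    return bad


def handle_submit(fields, insert_row):
    """Return (status, body) for a submission without echoing database errors."""
    bad = unrepresentable_fields(fields)
    if bad:
        # Client error: name the field, say nothing about the storage layer.
        return 400, {"error": "unsupported characters", "fields": bad}
    try:
        insert_row(fields)
    except DatabaseError:
        # Full detail goes to the server log only; the client gets a reference.
        ref = uuid.uuid4().hex
        log.exception("form insert failed ref=%s", ref)
        return 500, {"error": "internal error", "ref": ref}
    return 200, {"status": "ok"}


def failing_insert(fields):
    # Constructed error text for the example; not taken from the report.
    raise DatabaseError(
        "Incorrect string value for column 'answer' in table 'form_responses'"
    )
```

The reference in the 500 body lets support staff find the full error in the server log without the response carrying any table or column names.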