This is Ali Hassan Ghori, back after a long time.
As I am back in my field, let me share one of my Nokia findings. While I was looking for bugs in Nokia, I discovered something critical: a Symphony Fatal Database Error Disclosure in nokiaconnection.co.uk.
Steps To Reproduce:
1- Visit https://nokiaconnection.co.uk/sign-in/resend-password/ (To exploit this in the Mozilla Firefox browser, install the Tamper Data plugin, or use Burp Suite.)
2- Type a single quote (') in the email field. It shows an error, right? (Something like 'Please enter a valid email address'.)
3- Launch Tamper Data and tamper the request for the given page: change the email parameter value to a single quote (').
4- Exploited!!!!
Symphony Fatal Database Error Disclosure - NOKIA
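The steps above work because the email check runs only in the browser, so a tampered request reaches the database and the raw error comes back in the response. The following is an added example, not code from the original post or from the affected site: it shows a weak handler beside a hardened one, using Python with an in-memory SQLite table as a constructed stand-in (handler names, table and messages are assumptions).

```python
import logging
import re
import sqlite3

log = logging.getLogger("resend_password")

# Constructed stand-in for the site's user table (not the real schema).
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (email TEXT PRIMARY KEY)")
db.execute("INSERT INTO users VALUES ('user@example.com')")

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
GENERIC = "If that address is registered, a reset email has been sent."


def resend_password_weak(email):
    """Trusts the browser-side check; leaks the driver error to the client."""
    try:
        sql = "SELECT email FROM users WHERE email = '" + email + "'"
        db.execute(sql).fetchone()
        return 200, GENERIC
    except sqlite3.Error as exc:
        # Disclosure: the raw database error is returned in the response body.
        return 500, "Fatal Database Error: %s" % exc


def resend_password_hardened(email):
    """Validates again on the server, binds parameters, hides error detail."""
    if not isinstance(email, str) or len(email) > 254 or not EMAIL_RE.fullmatch(email):
        return 400, "Please enter a valid email address"
    try:
        db.execute("SELECT email FROM users WHERE email = ?", (email,)).fetchone()
    except sqlite3.Error:
        # Detail goes to the server log only; the client sees a generic page.
        log.exception("resend-password lookup failed")
        return 500, "Something went wrong. Please try again later."
    return 200, GENERIC


if __name__ == "__main__":
    for handler in (resend_password_weak, resend_password_hardened):
        print(handler.__name__, handler("'"))
```

Server-side validation narrows the input, but the bound parameter and the generic error page are what stop the disclosure.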
Video POC: