Severity: Critical
Invicti identified an Out of Band SQL Injection by capturing a DNS A request, which occurs when data input by a user is interpreted as an SQL command rather than as normal data by the backend database.
This is an extremely common vulnerability and its successful exploitation can have critical implications.
Invicti confirmed the vulnerability by executing a test SQL query on the backend database that resolves a specific DNS address that {SSRFRESPONDER} can capture, originating from the database server.