Cantina Marketplace SQL Injection Bounty: Challenge Accepted.

Cantina Posted a bounty of 5 BTC for anybody who could find an SQL Injection in their site after denying a bug from a user.

Took me about 10 minutes, result:

http://www.reddit.com/r/SilkRoad/comments/1wed78/cantina_not_worthy/cf1lgtp


Comments


[9 Points] TMPSchultz:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

It would be interesting to see how we fare. We don't have a lot of incoming funds 
so we aren't going to promise a large BTC bounty but we believe a lot of 
redditors would love to see us fail.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJS6RuJAAoJELlMLWJeibwPwRgP/3/o2g/kWC+QyVIEW93WsRar
y2HEq9a+9saJAI4JZRBc6qIOAOEMpmKfjcOa46cxTXHwom2DML7Zc9HOE7Xri4gA
0tppr09OMnB/OU+5l1ML6d7TcR2Ezi8/+mtkaOGIvjNzvdY34UCm3d93OcgZ4ySj
4Bu6SxuIQNbqebDC4LiTPByOUvDd+n/r4W6o2I9JKNeZQ7wb4iT6ZSlsqx3akHTl
TCDx620HdlIV4YJu/6GruCWbShlKS2UCv/xdsohAM3sd2UF2JSEogGqQTagIsndW
tly8sbQOpeW+4BMzGeeIlIXc8q1DR/Dr1XRtvga4NsVCda1h/nOaCzeGTHbemwg4
C6kA5dHJKAjGeX6dhJgQSQ6VFLZyM8TliY6/FRgKwzVVHT+NoPZ+Yin2meGfItl7
cDiIcgdz9RdVau+hf2hRtQcBw5hOGPB4FLF6eNYMYN6s3Kv9YE7x6UK/e34xPlWo
RI4Ih6zad24a13nUYxATNDsgXKpMKnaTiFo7RfDDxqb1L7g05Qr47DOkDtFqiBTh
wGb0KnV7DiwnJ9V4/7HK36q9PE1BbqpbSsjuheKcktiR1jrc0Dz1jPze5lEG+p7e
OFuxsrnmwSa6IrbaAtzLyIdx3B2OjSCtjmwGb0h32m85qpvwcOgXhG/Z4vto+MVK
k5+K3MA+zIXFztbE/gF6
=xCba
-----END PGP SIGNATURE-----


[6 Points] None:

You should throw us all a round of drugs with those 5 BTC!


[2 Points] deepdot:

LOL, you can add this to the mail i got about an hour ago from somone ELSE who hacked the site and now enjoying their backend so you have competition for the bounty see the PM i sent you :)


[2 Points] roionsteroids:

Not entirely unexpected after this great advertisement.


[1 Points] Astrid_IS_Fashion:

bahhahahahahaha!!


[1 Points] DNM_Throwaway:

Congrats lol.


[1 Points] 13tom13:

hopefully they dont react like druglist did


[0 Points] None:

[deleted]


[-1 Points] None:

[deleted]