It's now been over six months since I reported an incident to US-CERT, and was still a trivially exploitable SQLi on the Washington State Department of Transportation website. I made a partial public disclosure while this was still exposing sensitive contractor PII from 1986-2021 including last 4 of SSNs, as well as nearly 73k users from 1999-2021. Around one week after, this issue has been resolved, and I have updated this article to contain complete information. Thank you to everyone that h...
