8/10
bug-bounty
A detailed writeup on exploiting SQL injection in INSERT queries where commas are forbidden by the application's input filtering logic. The author demonstrates bypassing the comma restriction using CASE WHEN statements with LIKE operators and CAST functions, achieving time-based blind SQL injection to exfiltrate database information.
sql-injection
time-based-blind-sqli
insert-query-injection
bypass-techniques
case-when-statement
like-operator
cast-function
comma-bypass
data-exfiltration
automation-script
Ahmed Sultan
MariaDB
MySQL