blind-sql-injection

5 articles
Sort: New Top Best
clear filter
bug-bounty621 facebook431 xss316 google103 rce101 csrf60 microsoft59 web354 account-takeover53 writeup50 apple42 sqli41 cve35 ssrf34 exploit33 dos31 privilege-escalation28 defi28 cloudflare27 smart-contract-vulnerability25 idor24 subdomain-takeover24 ethereum23 clickjacking23 smart-contract23 vulnerability-disclosure21 access-control21 auth-bypass19 malware19 remote-code-execution18 lfi17 cors16 race-condition15 cloud15 reverse-engineering14 authentication-bypass14 solidity14 oauth12 browser12 info-disclosure12 aws12 sql-injection11 delegatecall11 denial-of-service11 phishing11 web-application-security10 vulnerability9 buffer-overflow9 web-security9 token-theft9
0
Tricky oracle SQLI situation
research

A case study demonstrating Oracle SQL injection exploitation techniques using string concatenation operators and the rownum function to bypass filtering of CASE statements and special characters. The attacker enumerated column names and extracted data through blind SQL injection despite character restrictions on underscores, parentheses, whitespace, and other special characters.

sql-injection oracle-database blind-sql-injection sqli-exploitation parameter-injection character-filtering-bypass string-concatenation data-extraction penetration-testing bug-bounty
Oracle PostgreSQL IBM DB2 Informix pokleyzz yappare
blog.yappare.com · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details
0
Exploiting “Google BigQuery” SQLI
writeup

A detailed writeup on bypassing Akamai's Kona WAF to exploit a blind SQL injection vulnerability in a Google BigQuery backend by leveraging division-by-zero errors and the STRPOS function to extract database information without triggering WAF detection rules.

sql-injection waf-bypass google-bigquery blind-sql-injection akamai-kona-waf bug-bounty web-application-firewall division-by-zero database-exploitation parameter-injection
Akamai Google BigQuery Kona WAF HackerOne Duc Nguyen Burpsuite
hackemall.live · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details
0
SQLI in Nokia Sites
vulnerability-disclosure

Security researcher Josip Franjković discovered four SQL injection vulnerabilities across multiple Nokia domains (www4.nokia.de, a PHP site, and nokia.es subdomain), including blind SQL injection via User-Agent headers and time-based injection attacks, which Nokia's incident response team patched rapidly in April 2013. The researcher detailed advanced exploitation techniques such as using UNION-based subqueries with CASE statements to extract data from INSERT queries and bypass error-based detection.

sql-injection blind-sql-injection time-based-sql-injection mysql postgresql user-agent-injection insert-into-injection union-based-injection vulnerability-disclosure bug-bounty security-research database-enumeration subquery-injection case-statement-bypass
Nokia www4.nokia.de nokia.es Josip Franjković Bryan de Houwer Nokia Lumia 820 Nokia Lumia 920 Instagram Ganglia
josipfranjkovic.blogspot.com · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details
0
Step by Step Exploiting SQLI in Oculus
exploit

Step-by-step exploitation of multiple SQL injection vulnerabilities in Oculus' website, demonstrating blind SQL injection techniques with whitespace and comma filtering bypass to extract admin session credentials. The attacker chained five SQL injections together, using creative MySQL syntax (comment blocks, OFFSET instead of comma-based LIMIT) to gain administrator access without prepared statements.

sql-injection blind-sql-injection authentication-bypass web-vulnerability mysql php penetration-testing session-hijacking bypass-techniques prepared-statements
Oculus Facebook Josip Franjković Jon Bitquark developer.oculusvr.com CompanyAction.php Burp sqlmap
josipfranjkovic.blogspot.com · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details
0
Exploiting tricky blind SQLI
exploit

A blind SQL injection vulnerability in a PostgreSQL LIMIT clause was exploited by using ASCII conversion to extract database information through response-based inference. The attacker created 127 albums and used nested `ascii(substr())` functions to convert extracted characters into numeric values that controlled the LIMIT clause row count, allowing information extraction by counting returned results.

sql-injection blind-sql-injection postgresql limit-clause error-based-injection ascii-function substr-function database-enumeration web-application-security pagination dbms-fingerprinting numeric-context-injection
PostgreSQL PHP Burp Intruder securityidiots Rahul Maini
noob.ninja · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details