bug-bounty622
facebook466
xss316
google157
rce105
microsoft103
apple68
csrf61
account-takeover54
web354
writeup51
exploit43
sqli41
cve37
ssrf35
cloudflare33
dos33
malware30
privilege-escalation29
defi28
smart-contract-vulnerability25
idor24
subdomain-takeover24
smart-contract23
clickjacking23
ethereum23
node22
access-control21
vulnerability-disclosure21
browser20
auth-bypass20
lfi19
aws19
remote-code-execution18
docker17
reverse-engineering17
react17
cloud17
oauth16
cors16
race-condition16
info-disclosure15
solidity14
authentication-bypass14
phishing13
supply-chain13
wordpress12
denial-of-service11
delegatecall11
sql-injection11
0
research
A case study demonstrating Oracle SQL injection exploitation techniques using string concatenation operators and the rownum function to bypass filtering of CASE statements and special characters. The attacker enumerated column names and extracted data through blind SQL injection despite character restrictions on underscores, parentheses, whitespace, and other special characters.
sql-injection
oracle-database
blind-sql-injection
sqli-exploitation
parameter-injection
character-filtering-bypass
string-concatenation
data-extraction
penetration-testing
bug-bounty
Oracle
PostgreSQL
IBM DB2
Informix
pokleyzz
yappare