bug-bounty622
facebook468
xss316
google162
microsoft106
rce105
apple69
csrf61
web354
account-takeover54
writeup51
exploit43
sqli41
cve37
ssrf35
dos33
cloudflare33
malware30
privilege-escalation29
defi28
smart-contract-vulnerability25
node24
idor24
subdomain-takeover24
smart-contract23
clickjacking23
ethereum23
access-control21
vulnerability-disclosure21
browser20
auth-bypass20
lfi19
aws19
remote-code-execution18
docker17
reverse-engineering17
react17
cloud17
oauth16
cors16
race-condition16
info-disclosure15
solidity14
authentication-bypass14
phishing13
supply-chain13
wordpress12
denial-of-service11
delegatecall11
sql-injection11
0
bug-bounty
A bug bounty hunter documents two SQL injection vulnerabilities discovered in a private program, both protected by WAF (Web Application Firewall) that blocks requests randomly. The author develops Python scripts that exploit timing and retry logic to overcome WAF blocking mechanisms—one using repeated requests when WAF returns maintenance errors, and another using multiple retries to differentiate between WAF-generated and server-generated error responses.