exploitation-technique

3 articles
sort: new top best
clear filter
bug-bounty451 google354 xss338 microsoft283 facebook246 apple171 exploit163 rce160 malware102 account-takeover95 cve91 bragging-post86 csrf83 browser77 writeup75 privilege-escalation68 react60 authentication-bypass57 cloudflare54 dos53 node52 docker51 ssrf51 phishing50 aws48 access-control47 oauth45 smart-contract45 supply-chain44 ethereum43 defi42 web342 sql-injection41 lfi37 idor35 vulnerability-disclosure32 smart-contract-vulnerability32 clickjacking31 burp-suite31 info-disclosure31 race-condition31 web-application31 reverse-engineering31 wordpress30 input-validation30 web-security29 information-disclosure29 cloud29 reflected-xss29 solidity27
0 7/10
SQL injection through User-Agent
tutorial

A step-by-step walkthrough of exploiting boolean-based SQL injection through the User-Agent HTTP header to enumerate database version, table names, column names, and extract user credentials from a MariaDB database.

sql-injection boolean-based-sql-injection user-agent-injection http-header-injection database-enumeration mysql mariadb authentication-bypass bug-bounty penetration-testing exploitation-technique
fr0stNuLL MySQL MariaDB Oracle MicrosoftSQL
medium.com · kh4sh3i/bug-bounty-writeups · 19 hours ago · details
0 8/10
SQLI in insert update query without comma
vulnerability

Technical writeup on exploiting SQL injection in INSERT/UPDATE queries when commas are forbidden by application logic, using CASE WHEN statements with LIKE operators and CAST functions to perform time-based blind SQL injection without comma delimiters. Includes working payload and automated Python exploit script.

sql-injection insert-query time-based-blind-sqli comma-bypass case-when like-operator cast-function exploitation-technique payload-crafting automated-exploitation
Ahmed Sultan Redforce Web Security Detectify
blog.redforce.io · devanshbatham/Awesome-Bugbounty-Writeups · 19 hours ago · details
0 8/10
How to do 55000 subdomain takeover in a blink of an eye
research

Technical writeup demonstrating how to identify and exploit 55,000+ subdomain takeover vulnerabilities on Shopify by analyzing CNAME records pointing to Shopify's infrastructure, including two exploitation methods (application name mapping and DNS mapping) with step-by-step methodology and large-scale scanning techniques.

subdomain-takeover dns-misconfiguration cloud-security shopify bug-bounty large-scale-vulnerability cname-records domain-hijacking fdns-dataset exploitation-technique
Shopify buckhacker FDNS Dataset Project Sonar HackerOne
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 19 hours ago · details