bug-bounty480
google297
xss277
microsoft249
facebook211
rce159
apple150
exploit136
bragging-post102
account-takeover98
malware94
csrf84
cve79
privilege-escalation74
authentication-bypass65
stored-xss65
writeup61
reflected-xss57
browser54
react53
ssrf51
phishing50
dos50
input-validation49
cloudflare49
access-control49
cross-site-scripting48
node46
aws46
smart-contract45
docker45
sql-injection45
ethereum44
defi43
web-security43
web-application42
supply-chain42
oauth41
web339
burp-suite36
lfi34
vulnerability-disclosure34
idor34
html-injection33
smart-contract-vulnerability32
race-condition32
clickjacking31
reverse-engineering31
information-disclosure30
csp-bypass30
0
9/10
vulnerability
A critical SQL injection vulnerability was discovered in a legacy 404 error handler that directly concatenates user-controlled REQUEST_URI into an INSERT statement without sanitization. The attacker exploited INSERT-based, multi-row XPATH injection combined with EXTRACTVALUE() error-based extraction to bypass automated tools and dump database contents, revealing the application ran with MySQL root privileges.
sql-injection
error-based-sql-injection
xpath-injection
insert-based-injection
extractvalue
legacy-infrastructure
404-handler
php-vulnerability
mysql
information-disclosure
penetration-testing
payload-crafting
multi-row-injection
vulnerability-research
SQLMap
Ghauri
Sublist3r
DNSRecon
Amass
viewdns.info
EXTRACTVALUE
mysqli
Eduardo F
0
5/10
bug-bounty
SQL injection vulnerability discovered in Nutanix's bootcamp.nutanix.com login endpoint accepting JSON POST requests. Error-based SQLi via email parameter revealed MySQL version 8.0.11 using extractvalue() payload; exploitable through JSON API without authentication.
sql-injection
json-api
mysql
error-based-sqli
extractvalue
burp-suite
sqlmap
login-bypass
bug-bounty
web-application
bootcamp.nutanix.com
Nutanix
Muhammad Khizer Javed
Express
MySQL 8.0.11