bug-bounty457
google361
microsoft312
facebook270
xss250
apple179
malware176
rce165
exploit140
cve111
account-takeover104
bragging-post101
phishing84
privilege-escalation82
csrf81
supply-chain68
stored-xss65
authentication-bypass63
dos62
browser61
reflected-xss57
react53
cloudflare51
reverse-engineering49
input-validation48
cross-site-scripting48
node47
aws47
docker47
access-control47
smart-contract45
ethereum44
defi43
sql-injection43
web342
ssrf42
web-security42
web-application41
oauth37
writeup37
race-condition36
burp-suite35
info-disclosure34
idor34
vulnerability-disclosure34
cloud33
auth-bypass33
html-injection33
smart-contract-vulnerability32
buffer-overflow32
0
6/10
bug-bounty
A blind time-based SQL injection vulnerability was discovered in a file upload feature where the application stored the filename parameter in a database without proper sanitization. The vulnerability was confirmed by bypassing a Cloudflare WAF configuration issue and using SQL sleep payloads to measure response time differences.
sql-injection
blind-sqli
time-based-sqli
file-upload
filename-parameter
waf-bypass
cloudflare-bypass
bug-bounty
penetration-testing
input-validation-bypass
Synack
HackerOne
Cloudflare WAF
Burp Scanner
Burp Proxy
@reefbr
@marcioalm
@joaomatosf
CVE-2019-2725
Red Hat
RSA Authentication Manager
Weblogic