bug-bounty457
google360
microsoft310
facebook264
xss250
apple176
malware175
rce165
exploit140
cve111
account-takeover104
bragging-post102
phishing84
privilege-escalation82
csrf81
supply-chain68
stored-xss65
authentication-bypass64
dos62
browser60
reflected-xss57
react52
cloudflare50
reverse-engineering49
access-control48
input-validation48
cross-site-scripting48
aws47
node46
docker46
smart-contract45
ethereum44
sql-injection43
defi43
web-security43
ssrf42
web342
web-application41
writeup37
oauth37
race-condition36
burp-suite35
info-disclosure34
idor34
vulnerability-disclosure34
auth-bypass33
cloud33
html-injection33
buffer-overflow32
smart-contract-vulnerability32
0
7/10
tutorial
A step-by-step walkthrough of exploiting boolean-based SQL injection through the User-Agent HTTP header to enumerate database version, table names, column names, and extract user credentials from a MariaDB database.
sql-injection
boolean-based-sql-injection
user-agent-injection
http-header-injection
database-enumeration
mysql
mariadb
authentication-bypass
bug-bounty
penetration-testing
exploitation-technique
fr0stNuLL
MySQL
MariaDB
Oracle
MicrosoftSQL
0
7/10
bug-bounty
A bug bounty hunter discovered a stored XSS vulnerability in a Drupal application by chaining cache poisoning with an unreflected HTTP header (style) discovered via Param Miner brute-forcing, allowing arbitrary XSS payloads to be cached and served to all users visiting a poisoned URL.
cache-poisoning
stored-xss
drupal
http-header-injection
bug-bounty
web-vulnerability
cache-exploitation
parameter-discovery
burp-suite
Rohan Aggarwal
Drupal
Rails
Param Miner
Burp Suite
HackerOne
Zend
X-Original-URL
X-Rewrite-URL