iif-function

1 article
sort: new top best
clear filter
bug-bounty405 google392 xss350 microsoft305 facebook274 apple184 exploit182 rce174 malware136 cve107 account-takeover94 csrf86 browser85 writeup69 privilege-escalation66 phishing61 dos60 react59 supply-chain56 bragging-post55 authentication-bypass54 cloudflare51 node51 ssrf49 aws48 docker48 access-control46 smart-contract45 reverse-engineering45 web344 ethereum43 defi42 pentest41 oauth41 sql-injection40 lfi35 idor35 race-condition33 info-disclosure33 smart-contract-vulnerability32 cloud31 buffer-overflow30 auth-bypass29 wordpress29 clickjacking29 solidity27 subdomain-takeover27 vulnerability-disclosure25 web-application24 sqli23
0 8/10
Turning Blind Error Based SQL Injection into Exploitable Boolean One
vulnerability

A detailed writeup on converting a blind error-based MSSQL injection vulnerability into an exploitable boolean-based injection using the IIF() and CONVERT() functions to systematically enumerate database names and table metadata. The author demonstrates bypassing restrictions on verbose error messages and character limits through clever payload construction and Burp Intruder automation.

sql-injection blind-sql-injection error-based-sql-injection boolean-based-sql-injection mssql database-enumeration burp-suite sqlmap iif-function convert-function information-schema bug-bounty-hunting paywall-bypass
Ozgur Alp Synack Microsoft SQL Server IIS Burp Intruder SQLMap SQLFiddle
ozguralp.medium.com · kh4sh3i/bug-bounty-writeups · 17 hours ago · details