0
8/10
vulnerability
Detailed walkthrough of exploiting blind SQL injection in Oculus' developer portal by bypassing multiple filters (no whitespace, no commas) using comment syntax and MySQL alternative function syntax, ultimately extracting admin session tokens and gaining administrative access.
sql-injection
blind-sql-injection
mysql
web-application
authentication-bypass
session-hijacking
oculus
facebook
burp-suite
intruder
bypass-techniques
information-schema
prepared-statements
Oculus
Facebook
Josip Franjković
Jon (Bitquark)
developer.oculusvr.com
CompanyAction.php
PHPSESSID
MySQL
0
6/10
A researcher discovered a race condition vulnerability in a bug bounty program: sending simultaneous requests with Burp Suite's Intruder tool bypassed authorization controls and created more team members than allowed.
Pravinrp
Burp Suite
Veracode