json-post-request

1 article

Sort: New Top Best

bug-bounty622 facebook466 xss316 google157 microsoft104 rce102 apple62 csrf60 web355 account-takeover53 writeup51 exploit43 sqli41 dos34 ssrf34 cve33 cloudflare32 privilege-escalation29 defi28 malware26 smart-contract-vulnerability25 idor25 node25 subdomain-takeover24 clickjacking23 smart-contract23 ethereum23 access-control21 vulnerability-disclosure21 auth-bypass19 reverse-engineering19 react19 remote-code-execution18 aws18 lfi18 cloud17 cors17 info-disclosure16 oauth16 race-condition16 supply-chain15 docker14 authentication-bypass14 solidity14 browser13 phishing13 denial-of-service11 sql-injection11 delegatecall11 wordpress10

SQLI bootcamp.nutanix.com

bug-bounty

A SQL injection vulnerability was discovered in the login endpoint of bootcamp.nutanix.com where unsanitized user input in the email and password JSON parameters allowed extraction of database version information via error-based SQLi techniques. The vulnerability was exploited using simple quote injection and extractvalue() functions to trigger MySQL errors revealing system details.

sql-injection sqli bug-bounty web-application-security authentication-bypass json-post-request mysql error-based-sqli xpath-injection burp-suite sqlmap vulnerability-disclosure penetration-testing

bootcamp.nutanix.com Nutanix Muhammad Khizer Javed Burp Suite SQLmap MySQL 8.0.11 Express.js HackerOne Bugcrowd

blog.securitybreached.org · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details