8/10
bug-bounty
A detailed writeup on exploiting SQL injection in INSERT queries where commas are forbidden by the application's input filtering logic. The author demonstrates bypassing the comma restriction using CASE WHEN statements with LIKE operators and CAST functions, achieving time-based blind SQL injection to exfiltrate database information.
sql-injection
time-based-blind-sqli
insert-query-injection
bypass-techniques
case-when-statement
like-operator
cast-function
comma-bypass
data-exfiltration
automation-script
Ahmed Sultan
MariaDB
MySQL