parameter-injection

3 articles
Sort: New Top Best
clear filter
bug-bounty621 facebook431 xss316 google103 rce101 csrf60 microsoft59 web354 account-takeover53 writeup50 apple42 sqli41 cve35 ssrf34 exploit33 dos31 privilege-escalation28 defi28 cloudflare27 smart-contract-vulnerability25 idor24 subdomain-takeover24 ethereum23 clickjacking23 smart-contract23 vulnerability-disclosure21 access-control21 auth-bypass19 malware19 remote-code-execution18 lfi17 cors16 race-condition15 cloud15 reverse-engineering14 authentication-bypass14 solidity14 oauth12 browser12 info-disclosure12 aws12 sql-injection11 delegatecall11 denial-of-service11 phishing11 web-application-security10 vulnerability9 buffer-overflow9 web-security9 token-theft9
0
Tricky oracle SQLI situation
research

A case study demonstrating Oracle SQL injection exploitation techniques using string concatenation operators and the rownum function to bypass filtering of CASE statements and special characters. The attacker enumerated column names and extracted data through blind SQL injection despite character restrictions on underscores, parentheses, whitespace, and other special characters.

sql-injection oracle-database blind-sql-injection sqli-exploitation parameter-injection character-filtering-bypass string-concatenation data-extraction penetration-testing bug-bounty
Oracle PostgreSQL IBM DB2 Informix pokleyzz yappare
blog.yappare.com · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details
0
Exploiting “Google BigQuery” SQLI
writeup

A detailed writeup on bypassing Akamai's Kona WAF to exploit a blind SQL injection vulnerability in a Google BigQuery backend by leveraging division-by-zero errors and the STRPOS function to extract database information without triggering WAF detection rules.

sql-injection waf-bypass google-bigquery blind-sql-injection akamai-kona-waf bug-bounty web-application-firewall division-by-zero database-exploitation parameter-injection
Akamai Google BigQuery Kona WAF HackerOne Duc Nguyen Burpsuite
hackemall.live · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details
0
Facebook graphql CSRF
vulnerability

A CSRF vulnerability in Facebook's Instagram Business Tools allowed attackers to execute arbitrary GraphQL mutations by crafting malicious URLs that leveraged the victim's authenticated access token, enabling unauthorized actions like creating posts with malicious content. The vulnerability exploited improper parameter handling in the /business/:id endpoint where user-controlled IDs were sent to the Graph API without proper CSRF protections.

csrf graphql authentication-bypass mutation instagram facebook web-security access-token-misuse parameter-injection business-tools
Facebook Instagram business.instagram.com graph.facebook.com BusinessToolsEntrypoint.instagram BusinessStore.instagram SyncAddMutations
philippeharewood.com · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details