bug-bounty372
xss318
google246
microsoft211
facebook194
apple138
exploit117
rce101
csrf78
malware77
account-takeover61
writeup59
bragging-post57
browser56
authentication-bypass55
cve54
access-control49
defi48
smart-contract47
privilege-escalation45
ethereum44
open-source42
ssrf40
sql-injection39
web338
dos37
ai-agents35
phishing35
docker35
aws34
supply-chain33
smart-contract-vulnerability33
cloudflare32
idor31
react30
denial-of-service28
information-disclosure27
api-security27
sqli27
oauth26
node26
clickjacking25
solidity25
burp-suite25
wordpress23
race-condition23
reverse-engineering23
remote-code-execution22
vulnerability-disclosure22
lfi22
0
3/10
Security researcher found SQL injection vulnerability leading to admin credential extraction, then chained it with discovered phpMyAdmin access to achieve remote code execution via PHP shell upload. The researcher progressively exploited MySQL information_schema to enumerate databases, tables, columns, and ultimately obtained system shell access.
sql-injection
remote-code-execution
phpmyadmin
information-disclosure
mysql
php-shell
subdomain-enumeration
credential-extraction
password-cracking
reverse-shell
bragging-post
Jerry Shah
HackerOne
BugCrowd
crackstation.net
pentestmonkey.net