bug-bounty371
xss316
google239
microsoft202
facebook194
apple135
exploit110
rce99
csrf78
malware62
account-takeover60
writeup59
bragging-post57
authentication-bypass55
browser53
access-control49
defi48
cve47
smart-contract47
ethereum44
privilege-escalation43
open-source42
sql-injection39
ssrf38
web338
ai-agents35
docker35
dos34
aws33
smart-contract-vulnerability33
supply-chain32
phishing30
idor30
react28
denial-of-service28
information-disclosure27
api-security27
solidity25
cloudflare25
burp-suite25
clickjacking25
oauth24
race-condition23
sqli23
node23
wordpress23
remote-code-execution22
vulnerability-disclosure22
reverse-engineering21
web-security21
0
3/10
Security researcher found SQL injection vulnerability leading to admin credential extraction, then chained it with discovered phpMyAdmin access to achieve remote code execution via PHP shell upload. The researcher progressively exploited MySQL information_schema to enumerate databases, tables, columns, and ultimately obtained system shell access.
sql-injection
remote-code-execution
phpmyadmin
information-disclosure
mysql
php-shell
subdomain-enumeration
credential-extraction
password-cracking
reverse-shell
bragging-post
Jerry Shah
HackerOne
BugCrowd
crackstation.net
pentestmonkey.net