A researcher discovered SQL injection on a subdomain and used it to extract admin credentials, then leveraged those credentials to access phpMyAdmin on a different subdomain and achieved remote code execution by uploading a PHP shell with MySQL's INTO OUTFILE clause.
sql-injection
remote-code-execution
rce
phpmyadmin
information-disclosure
mysql
file-upload
web-shell
credential-extraction
hash-cracking
subdomain-enumeration
bragging-post
Jerry Shah
HackerOne
BugCrowd
crackstation.net
pentestmonkey.net
MySQL