sql-injection

11 articles

A writeup on exploiting SQL injection in INSERT queries where commas are forbidden by application logic, using CASE WHEN statements with LIKE operators and CAST functions as a payload bypass technique. The author demonstrates time-based blind SQL injection without commas and provides automated exploitation code.

Ahmed Sultan 0x4148 Redforce Web Security Detectify
blog.redforce.io · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details

A SQL injection vulnerability was discovered in the login endpoint of bootcamp.nutanix.com where unsanitized user input in the email and password JSON parameters allowed extraction of database version information via error-based SQLi techniques. The vulnerability was exploited using simple quote injection and extractvalue() functions to trigger MySQL errors revealing system details.

bootcamp.nutanix.com Nutanix Muhammad Khizer Javed Burp Suite SQLmap MySQL 8.0.11 Express.js HackerOne Bugcrowd
blog.securitybreached.org · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details

A researcher discovered an SQL injection vulnerability in AutoTrader's webmail login (dealeremail.autotrader.co.uk) that allowed authentication bypass using the payload admin'–' in both username and password fields, gaining unauthorized access to the admin panel. The vulnerability was reported through the bug bounty program and was subsequently patched.

AutoTrader dealeremail.autotrader.co.uk MuhammadKhizerJaved
blog.securitybreached.org · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details

A case study demonstrating Oracle SQL injection exploitation techniques using string concatenation operators and the rownum function to bypass filtering of CASE statements and special characters. The attacker enumerated column names and extracted data through blind SQL injection despite character restrictions on underscores, parentheses, whitespace, and other special characters.

Oracle PostgreSQL IBM DB2 Informix pokleyzz yappare
blog.yappare.com · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details

A SQL injection vulnerability was discovered on tw.stock.yahoo.com in the getjson.php endpoint, where a double URL decoding bypass allowed unescaped single quotes in the 's' parameter, enabling attackers to execute arbitrary SQL queries with root database privileges. The vulnerability leveraged insufficient input validation combined with incomplete quote stripping after the first decode pass.

Yahoo tw.yahoo.com tw.stock.yahoo.com MySQL
buer.haus · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details

A detailed writeup on bypassing Akamai's Kona WAF to exploit a blind SQL injection vulnerability in a Google BigQuery backend by leveraging division-by-zero errors and the STRPOS function to extract database information without triggering WAF detection rules.

Akamai Google BigQuery Kona WAF HackerOne Duc Nguyen Burpsuite
hackemall.live · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details
vulnerability-disclosure

Security researcher Josip Franjković discovered four SQL injection vulnerabilities across multiple Nokia domains (www4.nokia.de, a PHP site, and a nokia.es subdomain), including blind SQL injection via User-Agent headers and time-based injection attacks, which Nokia's incident response team patched rapidly in April 2013. The researcher detailed advanced exploitation techniques such as using UNION-based subqueries with CASE statements to extract data from INSERT queries and bypass error-based detection.

Nokia www4.nokia.de nokia.es Josip Franjković Bryan de Houwer Nokia Lumia 820 Nokia Lumia 920 Instagram Ganglia
josipfranjkovic.blogspot.com · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details

Step-by-step exploitation of multiple SQL injection vulnerabilities in Oculus' website, demonstrating blind SQL injection techniques with whitespace and comma filtering bypass to extract admin session credentials. The attacker chained five SQL injections together, using creative MySQL syntax (comment blocks, OFFSET instead of comma-based LIMIT) to gain administrator access without prepared statements.

Oculus Facebook Josip Franjković Jon Bitquark developer.oculusvr.com CompanyAction.php Burp sqlmap
josipfranjkovic.blogspot.com · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details
bug-bounty

A bug bounty hunter documents two SQL injection vulnerabilities discovered in a private program, both protected by a WAF (Web Application Firewall) that blocks requests randomly. The author develops Python scripts that exploit timing and retry logic to overcome WAF blocking mechanisms: one using repeated requests when the WAF returns maintenance errors, and another using multiple retries to differentiate between WAF-generated and server-generated error responses.

mahmoudsec.blogspot.com · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details

A writeup on bypassing a Web Application Firewall (WAF) to exploit a blind SQL injection vulnerability discovered during security research. The article documents the techniques used to evade WAF detection while exploiting the underlying database vulnerability.

Robin Verton Deutsche Telekom AG
robinverton.de · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details

A blind SQL injection vulnerability in a PostgreSQL LIMIT clause was exploited by using ASCII conversion to extract database information through response-based inference. The attacker created 127 albums and used nested `ascii(substr())` functions to convert extracted characters into numeric values that controlled the LIMIT clause row count, allowing information extraction by counting returned results.

PostgreSQL PHP Burp Intruder securityidiots Rahul Maini
noob.ninja · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details