sqli-exploitation

2 articles
Sort: New Top Best
clear filter
bug-bounty622 facebook466 xss316 google157 rce105 microsoft103 apple68 csrf61 account-takeover54 web354 writeup51 exploit43 sqli41 cve37 ssrf35 cloudflare33 dos33 malware30 privilege-escalation29 defi28 smart-contract-vulnerability25 idor24 subdomain-takeover24 smart-contract23 clickjacking23 ethereum23 node22 access-control21 vulnerability-disclosure21 browser20 auth-bypass20 lfi19 aws19 remote-code-execution18 docker17 reverse-engineering17 react17 cloud17 oauth16 cors16 race-condition16 info-disclosure15 solidity14 authentication-bypass14 phishing13 supply-chain13 wordpress12 denial-of-service11 delegatecall11 sql-injection11
0
SQLI in insert update query without comma
exploit

A writeup on exploiting SQL injection in INSERT queries where commas are forbidden by application logic, using CASE WHEN statements with LIKE operators and CAST functions as a payload bypass technique. The author demonstrates time-based blind SQL injection without commas and provides automated exploitation code.

sql-injection insert-query time-based-blind-sqli comma-bypass case-when sqli-exploitation mariadb mysql payload-technique data-exfiltration
Ahmed Sultan 0x4148 Redforce Web Security Detectify
blog.redforce.io · devanshbatham/Awesome-Bugbounty-Writeups · 5 hours ago · details
0
Tricky oracle SQLI situation
research

A case study demonstrating Oracle SQL injection exploitation techniques using string concatenation operators and the rownum function to bypass filtering of CASE statements and special characters. The attacker enumerated column names and extracted data through blind SQL injection despite character restrictions on underscores, parentheses, whitespace, and other special characters.

sql-injection oracle-database blind-sql-injection sqli-exploitation parameter-injection character-filtering-bypass string-concatenation data-extraction penetration-testing bug-bounty
Oracle PostgreSQL IBM DB2 Informix pokleyzz yappare
blog.yappare.com · devanshbatham/Awesome-Bugbounty-Writeups · 5 hours ago · details