bug-bounty622
facebook468
xss316
google162
microsoft106
rce105
apple69
csrf61
web354
account-takeover54
writeup51
exploit43
sqli41
cve37
ssrf35
dos33
cloudflare33
malware30
privilege-escalation29
defi28
smart-contract-vulnerability25
node24
idor24
subdomain-takeover24
smart-contract23
clickjacking23
ethereum23
access-control21
vulnerability-disclosure21
browser20
auth-bypass20
lfi19
aws19
remote-code-execution18
docker17
reverse-engineering17
react17
cloud17
oauth16
cors16
race-condition16
info-disclosure15
solidity14
authentication-bypass14
phishing13
supply-chain13
wordpress12
denial-of-service11
delegatecall11
sql-injection11
0
research
A case study demonstrating Oracle SQL injection exploitation techniques using string concatenation operators and the rownum function to bypass filtering of CASE statements and special characters. The attacker enumerated column names and extracted data through blind SQL injection despite character restrictions on underscores, parentheses, whitespace, and other special characters.
sql-injection
oracle-database
blind-sql-injection
sqli-exploitation
parameter-injection
character-filtering-bypass
string-concatenation
data-extraction
penetration-testing
bug-bounty
Oracle
PostgreSQL
IBM DB2
Informix
pokleyzz
yappare