bug-bounty432
google350
xss348
microsoft279
facebook245
apple171
exploit158
rce153
malware95
account-takeover94
cve87
csrf82
writeup78
bragging-post78
browser76
privilege-escalation66
react59
authentication-bypass57
cloudflare54
dos53
ssrf51
docker51
node49
aws47
access-control47
smart-contract45
phishing45
oauth45
ethereum43
defi42
supply-chain42
sql-injection41
web341
lfi37
idor34
smart-contract-vulnerability32
clickjacking31
web-application31
wordpress30
race-condition30
reverse-engineering30
info-disclosure29
vulnerability-disclosure29
cloud28
information-disclosure28
burp-suite28
solidity27
web-security27
cors26
responsible-disclosure26
0
5/10
bug-bounty
A researcher discovered a SQL injection vulnerability in a trading company's reporting download endpoint via a hidden 'status' parameter that was discovered using parameter mining tools, exploitable through time-based blind SQL injection.
sql-injection
hidden-parameter
parameter-discovery
time-based-blind-sql-injection
sqlmap
burp-suite
parameter-brute-forcing
web-application-security
bug-bounty
trading-platform
Rutvik Hajare
OWASP
sqlmap
Burp Suite
0
7/10
bug-bounty
A bug bounty hunter documents their journey discovering a time-based blind SQL injection vulnerability in a sorting parameter by using MySQL version detection via comment syntax to narrow payload scope, ultimately bypassing WAF filters with the payload (select*from(select(sleep(10)))a) and earning a $3500 bounty.
sql-injection
time-based-blind-sql-injection
mysql
waf-bypass
bug-bounty
web-application-security
database-enumeration
payload-crafting
burp-suite
Marx Chryz Del Mundo
RootCon
Bugcrowd
Web Application Hacker's Handbook
Web Hacking 101
Stök
Farah Hawa
Jason Haddix
Peter Yaworski
James Kettle
Dafydd Stuttard