bug-bounty622
facebook466
xss316
google157
rce105
microsoft102
apple68
csrf61
account-takeover54
web354
writeup51
exploit43
sqli41
cve37
ssrf35
cloudflare33
dos33
malware30
privilege-escalation29
defi28
smart-contract-vulnerability25
idor24
subdomain-takeover24
smart-contract23
clickjacking23
ethereum23
node22
access-control21
vulnerability-disclosure21
browser20
auth-bypass20
lfi19
aws19
remote-code-execution18
docker17
reverse-engineering17
react17
cloud17
oauth16
cors16
race-condition16
info-disclosure15
solidity14
authentication-bypass14
supply-chain13
phishing13
wordpress12
denial-of-service11
sql-injection11
delegatecall11
0
A writeup on exploiting SQL injection in INSERT queries where commas are forbidden by application logic, using CASE WHEN statements with LIKE operators and CAST functions as a payload bypass technique. The author demonstrates time-based blind SQL injection without commas and provides automated exploitation code.
sql-injection
insert-query
time-based-blind-sqli
comma-bypass
case-when
sqli-exploitation
mariadb
mysql
payload-technique
data-exfiltration
Ahmed Sultan
0x4148
Redforce Web Security
Detectify