union-based-sqli

3 articles
sort: new top best
clear filter
bug-bounty451 google354 xss338 microsoft283 facebook246 apple171 exploit163 rce160 malware102 account-takeover95 cve91 bragging-post86 csrf83 browser77 writeup75 privilege-escalation68 react60 authentication-bypass57 cloudflare54 dos53 node52 docker51 ssrf51 phishing50 aws48 access-control47 oauth45 smart-contract45 supply-chain44 ethereum43 defi42 web342 sql-injection41 lfi37 idor35 vulnerability-disclosure32 smart-contract-vulnerability32 clickjacking31 burp-suite31 info-disclosure31 race-condition31 web-application31 reverse-engineering31 wordpress30 input-validation30 web-security29 information-disclosure29 cloud29 reflected-xss29 solidity27
0 6/10
SQLI in University of Cambridge
bug-bounty

A researcher discovered and exploited a SQL injection vulnerability in the University of Cambridge's Fitzwilliam Museum search functionality, demonstrating column enumeration via ORDER BY, UNION SELECT attacks, and successful extraction of database version, user credentials, and database name.

sql-injection union-based-sqli web-application database-enumeration bug-bounty vulnerable-search-parameter mysql order-by-enumeration error-based-sqli
University of Cambridge Adesh Kolte Fitzwilliam Museum MySQL 5.1.39
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 19 hours ago · details
0 6/10
Union based SQLI writeup
bug-bounty

A bug bounty hunter discovered a union-based SQL injection vulnerability in a private company's web application by identifying vulnerable parameters and methodically determining the number of columns (11) before extracting database version, user information, table schemas, and column names using UNION SELECT queries and information_schema enumeration.

sql-injection union-based-sqli bug-bounty writeup information-schema mysql web-application parameter-discovery database-enumeration
Nur A Alam Dipu
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 19 hours ago · details
0 5/10
SQLI with load file and into outfile
bug-bounty

A researcher discovered a SQL injection vulnerability in an affiliate form's email parameter, demonstrating information extraction via UNION-based injection and then escalating to arbitrary file read/write using MySQL's LOAD_FILE and INTO OUTFILE functions to exfiltrate /etc/passwd and create files on the server.

sql-injection load-file into-outfile union-based-sqli file-read file-write mysql bug-bounty burp-repeater information-disclosure
Mario Hackerone InfoSec Write-ups
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 19 hours ago · details