#sqli ผลการค้นหา
Just published a new write‑up on the HTB SQL Injection Skills Assessment! From enum → SQLi → DB dump → file read/write → RCE → flag 🎯 Check it out here: medium.com/@Sec_IRON0x0/s… If you check it out, I’d love to hear your feedback! #SQLI #PenTesting #Web_Security
I found Blind SqLI just added #sqli payload Tips : X-Forwarded-For: 0'XOR(if(now()=sysdate(),sleep(8),0))XOR'
⚠️ SQL Injection Danger #SQLi isn’t “old”—it’s still destroying databases and leaking user data every single day. One bad query = full takeover 🛡️ Shield it: Run Vulnerability Assessment regularly quttera.com/website-anti-m… #CVE #InfoSec #CyberSecurity
🚨 WordPress users, attention! The 'My auctions allegro' plugin (v3.6.32 & earlier) has a critical SQL Injection vulnerability. Unauthenticated attackers can steal sensitive database info! 🛡️ Update NOW to protect your site. tenable.com/cve/CVE-2025-1… #WordPressSecurity #SQLi #CVE
⚠️ WordPress: el plugin Tag, Category, and Taxonomy Manager – AI Autotagger con OpenAI (≤3.40.1) permite SQL Injection a usuarios Contributor+. CVSS 6.5. Actualiza a 3.41.0. #WordPress #Seguridad #SQLi t.me/vulnerabilityw…
⚠️ #Drupal Alert Exploited modules open #SQLi → #RCE chains that deploy 0-day malware 🛡️ Action: Audit modules and scan with Quttera’s heuristic detection engine quttera.com #CyberSecurity #Malware #WebsiteSecurity
Domina la cadena de ataque completa: SQLi ➡️ RCE ➡️ PrivEsc. Este playground en Docker te permite practicar la explotación de PostgreSQL en un entorno seguro y realista. ¡Un desafío esencial para todo pentester! Link: github.com/filipkarc/sqli… 💥🧪 #SQLi #HackingEtico #Pentest
⚠️ Website Security Alert Why it matters: Outdated plugins expose sites to #SQLi, #RCE, and #XSS exploit chains. 🛡️ Action: Enable auto-updates, remove unused components, and run regular CVE-driven vulnerability scans #CVE #CyberSecurity #Malware
𝗟𝗼𝗴𝘀𝗲𝗻𝘀𝗼𝗿 🕵🏽♂️ Herramienta en Python para descubrir paneles de login y escaneo de SQLi en formularios POST. Soporta escaneo de múltiples hosts, escaneo dirigido de formularios SQLi y proxies. 🛡️ 🌐 github.com/Mr-Robert0/Log… #Logsensor #SQLI #Pentesting #CyberSecurity…
#WooCommerce — #SQLi CVE in Payment Extensions 🚨 Why it matters: SQL injection in WooCommerce payment add-ons can leak customer info, alter orders, and inject malicious scripts 🛡️ Action: Block SQLi attempts and scan your store for injected code quttera.com #CVE…
Just bypassed the admin login in a PortSwigger lab using classic SQLi 😎 Payload: admin' OR '1'='1-- No sanitization = full authentication bypass. Burp Repeater FTW 💥 #CyberSecurity #SQLi #BugBounty #WebSecurity
#PrestaShop — Payment Form Injection via SQLi 🚨 Why it matters: SQL injection in outdated PrestaShop plugins injects fake payment forms and steals customer info 🛡️ Action: Use Quttera Malware Scanner to detect injected forms early quttera.com/website-malwar… #Malware #SQLi…
#WordPress — SQL Injection → Malware Deployment 🚨 Why it matters: #SQLi injects malware directly into core WP database tables 🛡️ Action: Block attacks with Quttera WAF and protect your perimeter quttera.com/web-applicatio… #CVE #CyberSecurity
The one defense against SQL Injection that still works 99% of the time? Parameterized Queries. They teach the database to treat user input as DATA, not executable CODE. Stop using string concatenation for queries! #SQLi #AppSec #HackingTip #CyberSecurity
Null Byte SQL injection attempt today for registration from a Russian IP. Thought to share because I found it interesting. HF backend handled it properly. #sqli
Cloudflare 403 bypass to time-based blind SQLi: PL: (select(0)from(select(sleep(10)))v) → 403 but PL: (select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v) → Time-based Blind SQLi #BugBounty #SQLi
Discovered a very interesting path based SQLi yesterday. Injected: /‘XOR(if(now()=sysdate(),sleep(8),0))XOR’111/ → No delay /page/‘XOR(if(now()=sysdate(),sleep(8),0))XOR’111/test.test triggered delay. Same payload, different results. Here's why👇 1/4 #BugBounty #SQLi #WebSec
💉 SQL injection bypassing Cloudflare When testing a site, you can bypass Cloudflare's SQL injection protection using sqlmap and a combination of space2comment, between, randomcase tamper scripts. #web #sqli
SQLite Injection via WebSQL API 1️⃣ Some apps use openDatabase() in JS to store/query user data 2️⃣ If input is inserted directly into SQL: db.transaction(t => { t.executeSql(`SELECT * FROM users WHERE name = '${input}'`); }); 3️⃣ ' OR 1=1-- → dumps users #BugBounty #sqli
Bug: SQLi method: oneliner link github.com/h6nt3r/tools/b… #sqli #hackerone #bugcrowd #ethicalhacking
🚨 I found the coolest #SQLi on a target! Surprisingly, the SQLi was in the "ignore cookies" button of the cookie banner. As I always say and do, don’t just look for SQLis in parameters. Check uncommon places like cookie banners, cookie accept buttons, etc. #BugBounty…
SQLi Found on Login panel Found endpoint from Shodan and hit it with Ghauri & SQLmap both was successful enough! Happy to Secure World's Most Trusted Airlines! credit: @Joyerz5 #BugBounty #sqli
Found an untouched asset (built in 2018) with an unsubscribe functionality. Turned out it was vulnerable to time-based blind SQLi → from a single entry point I accessed 200+ databases. Patience + curiosity always pay off 💰€€€€ #BugBounty #SQLi #bugbountytips Thread 🧵…
Pre-Auth SQL Injection CVE-2025-24799 Severity : Critical Exploit : github.com/MuhammadWaseem… Refrence : github.com/glpi-project/g… #GLPI #SQLi #CVE202524799
🔍 Tip for finding SQLi in WordPress plugins: - Study the code—check $wpdb queries & inputs. - Enumerate endpoints, forms, params w/ WPScan or manually. - Test for SQLi w/ payloads like ' OR 1=1 --. 💡 Might lead to a private CVE! Stay ethical #BugBounty #SQLi
🧠 2nd-Order SQLi → Privilege Escalation 1️⃣ Malicious input saved (e.g. in user bio) 2️⃣ Later used in unsafe SQL on admin panel 3️⃣ Payload triggers: user gets admin rights 4️⃣ Injection happens during second-stage processing 🎯 Delayed SQLi → silent takeover #bugbounty #sqli
Manual testing can be both fun and insightful, especially when you have a error like SQLSTATE[HY000] to guide you, it's a great way to sharpen your skills. Today I did a full manual testing using Burpsuite on a target and got it correct., it was fun.. #BugBounty #SQLi
![nav1n0x's tweet image. Manual testing can be both fun and insightful, especially when you have a error like SQLSTATE[HY000] to guide you, it's a great way to sharpen your skills. Today I did a full manual testing using Burpsuite on a target and got it correct., it was fun.. #BugBounty #SQLi](https://pbs.twimg.com/media/GMQc_KLWUAAeaWT.png)
🧠 WAF Bypass via JSON-Based SQLi 1️⃣ WAF blocks classic payloads in query params 2️⃣ App parses JSON body: {"user":"admin' OR 1=1--"} 3️⃣ WAF doesn’t inspect JSON deeply 4️⃣ Payload reaches backend → SQLi triggers 🎯 JSON input → stealth injection #bugbounty #wafbypass #sqli
Something went wrong.
Something went wrong.
United States Trends
- 1. Harada 6,841 posts
- 2. Chiefs 114K posts
- 3. Good Monday 33.7K posts
- 4. Tekken 16.8K posts
- 5. #OrmxHausNowhereBKK 130K posts
- 6. ORM HAUS NOWHERE GOP 127K posts
- 7. Mahomes 41.5K posts
- 8. Kelce 25.4K posts
- 9. #ITWelcomeToDerry 73.1K posts
- 10. Orm Kornnaphat 12.7K posts
- 11. Texans 49.1K posts
- 12. rUSD N/A
- 13. #MondayMotivation 6,160 posts
- 14. Andy Reid 7,072 posts
- 15. #BaddiesUSA 33.5K posts
- 16. Proverbs 4,793 posts
- 17. Pennywise 36.6K posts
- 18. Rashee Rice 10.9K posts
- 19. Cambodia 48K posts
- 20. #HappyBirthdayNicki 2,076 posts