#sqli search results
Cloudflare 403 bypass to time-based blind SQLi: PL: (select(0)from(select(sleep(10)))v) → 403 but PL: (select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v) → Time-based Blind SQLi #BugBounty #SQLi


Discovered a very interesting path based SQLi yesterday. Injected: /‘XOR(if(now()=sysdate(),sleep(8),0))XOR’111/ → No delay /page/‘XOR(if(now()=sysdate(),sleep(8),0))XOR’111/test.test triggered delay. Same payload, different results. Here's why👇 1/4 #BugBounty #SQLi #WebSec

Pre-Auth SQL Injection CVE-2025-24799 Severity : Critical Exploit : github.com/MuhammadWaseem… Reference : github.com/glpi-project/g… #GLPI #SQLi #CVE202524799


Second-Order SQL Injection 1️⃣ Attacker injects payload into a field that is stored in DB (e.g., username). 2️⃣ Later, another query uses this stored value unsafely. 3️⃣ Payload executes → data leak, auth bypass, or privilege escalation. #SQLi #BugBounty #WebSecurity

Time-Based Blind SQLi: No errors, no data in response—just time as your oracle. Inject SLEEP() or pg_sleep() to measure delays and confirm injection points. Perfect for Burp Intruder with time diff analysis. Slow… but revealing. 💉 #BugBounty #sqli

🚨 I found the coolest #SQLi on a target! Surprisingly, the SQLi was in the "ignore cookies" button of the cookie banner. As I always say and do, don’t just look for SQLis in parameters. Check uncommon places like cookie banners, cookie accept buttons, etc. #BugBounty…


⚡️SQLi Time Based Payloads ✅Join Telegram to Download- t.me/brutsecurity/1… #sqli #bugbounty #bugbountytips

SQLite Injection via WebSQL API 1️⃣ Some apps use openDatabase() in JS to store/query user data 2️⃣ If input is inserted directly into SQL: db.transaction(t => { t.executeSql(`SELECT * FROM users WHERE name = '${input}'`); }); 3️⃣ ' OR 1=1-- → dumps users #BugBounty #sqli

Found an untouched asset (built in 2018) with an unsubscribe functionality. Turned out it was vulnerable to time-based blind SQLi → from a single entry point I accessed 200+ databases. Patience + curiosity always pay off 💰€€€€ #BugBounty #SQLi #bugbountytips Thread 🧵…

🔍 Tip for finding SQLi in WordPress plugins: - Study the code—check $wpdb queries & inputs. - Enumerate endpoints, forms, params w/ WPScan or manually. - Test for SQLi w/ payloads like ' OR 1=1 --. 💡 Might lead to a private CVE! Stay ethical #BugBounty #SQLi


Remember the SQLi that gave me 204 DBs? Company patched it in 10 mins… but as a hunter, the hunt doesn’t stop there. 🕵️♂️ I started looking for connected legacy assets → and found my way back in. #BugBounty #SQLi #bugbountytips

💉 SQL injection bypassing Cloudflare When testing a site, you can bypass Cloudflare's SQL injection protection using sqlmap and a combination of space2comment, between, randomcase tamper scripts. #web #sqli

GoDaddy SQL Injection Vulnerability..:) Follow Us: youtube.com/@nullsecurityx #BugBounty #Cybersecurity #sqli #Pentesting

Have been here on X providing lots of things I found about #XSS, filter/WAF evasion, #SQLi, even #SSRF and other stuff as @BRuteLogic for the last 13+ yrs. So please don't think I'm just advertising w/ the content I create, I'm just trying to make a living out of my work. Thx.
🚨 MEDIUM severity: CVE-2025-11288 targets CRMEB v5.0–5.6 with a public SQL injection flaw. No patch, vendor silent! Audit your systems & secure endpoints ASAP. 🔍 Details & mitigations: radar.offseq.com/threat/cve-202… #OffSeq #SQLi...

Vulnerabilities such as #XSS and #SQLi are declining, while authorization flaws such as Improper Access Control and #IDOR are increasing significantly. In total, in 2025, 1,121 #باگبانتی programs on HackerOne included the AI domain, a 270% increase.
Stored-procedure SQLi: If DB allows privileged procedures, chain queries to perform OOB calls or side-effects (e.g., network/cmd execution via safe-redacted proc). Pattern: invoke a safe-redacted proc that performs an outbound action with substituted data. #BugBounty #SQLi

When your report gets triaged faster than your food delivery 🍕😂 #BugBounty #SQLi #intigriti #CyberSecurity

Blind SQL injection When an app hides query results, attackers extract data via side-channels: boolean-based (true/false) or time-based (delays). Redacted example: IF((SELECT SUBSTRING(secret,1,1)='a'), SLEEP(5),0) Effective against blind/WAFed targets #BugBounty #Infosec #Sqli
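The time-based posts above (SLEEP() and pg_sleep() as an oracle, blind extraction via delays) describe what the attacker measures; the defender's counterpart is spotting those probes in the web server's own access logs. The following is an added example, not code from any of the quoted posts: it parses combined-format log lines with a trailing response-time field (the kind nginx's `$request_time` can append), URL-decodes the request path, and flags requests that carry a timing primitive, an abnormal duration, or both. The log lines, IP addresses, threshold and function names are all constructed for illustration.

```python
"""Spotting time-based blind SQLi probes in web server access logs.
Added example for this page, not from any of the quoted posts.  The log
lines are constructed: combined log format plus a final response-time
field in seconds (e.g. nginx's $request_time appended to the log format)."""
import re
from typing import List, Optional
from urllib.parse import unquote_plus

# Functions commonly used as timing oracles in MySQL, PostgreSQL, MSSQL and
# Oracle.  Matched case-insensitively on the URL-decoded path.
TIMING_PRIMITIVES = re.compile(
    r"(sleep\s*\(|pg_sleep\s*\(|waitfor\s+delay|benchmark\s*\(|dbms_pipe\.receive_message)",
    re.IGNORECASE,
)

# Combined log format with one extra trailing field: response time in seconds.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" (?P<rt>[\d.]+)$'
)

# Constructed threshold: anything at or above this is "slow" for this app.
SLOW_THRESHOLD = 5.0

# Constructed sample log: one normal request, one SLEEP probe that worked
# (the delay actually happened), one pg_sleep probe that errored out fast,
# and one slow but benign report request.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2025:14:02:11 +0000] "GET /page?id=5 HTTP/1.1" 200 1843 "-" "Mozilla/5.0" 0.041',
    '203.0.113.7 - - [10/Oct/2025:14:02:19 +0000] "GET /page?id=5%27%20AND%20SLEEP(5)--%20- HTTP/1.1" 200 1843 "-" "Mozilla/5.0" 5.062',
    '203.0.113.7 - - [10/Oct/2025:14:02:31 +0000] "GET /page?id=5%27%20AND%20pg_sleep(5)--%20- HTTP/1.1" 500 0 "-" "Mozilla/5.0" 0.038',
    '198.51.100.4 - - [10/Oct/2025:14:03:02 +0000] "GET /report?range=annual HTTP/1.1" 200 90211 "-" "Mozilla/5.0" 6.410',
]


def decode_path(path: str) -> str:
    """Decode twice so a double-encoded payload is inspected in plain form."""
    return unquote_plus(unquote_plus(path))


def classify(line: str) -> Optional[dict]:
    """Return a finding for one log line, or None if the line does not parse."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    decoded = decode_path(m["path"])
    hit = TIMING_PRIMITIVES.search(decoded)
    rt = float(m["rt"])
    reasons = []
    if hit:
        reasons.append(f"timing primitive '{hit.group(0)}'")
    if rt >= SLOW_THRESHOLD:
        reasons.append(f"slow response {rt:.1f}s")
    # A primitive that also produced the delay is the strongest signal: the
    # injected SQL executed.  A primitive alone is still a probe worth alerting.
    if hit and rt >= SLOW_THRESHOLD:
        severity = "high"
    elif hit:
        severity = "medium"
    elif reasons:
        severity = "low"
    else:
        severity = "none"
    return {
        "ip": m["ip"], "path": decoded, "status": int(m["status"]),
        "rt": rt, "severity": severity, "reasons": reasons,
    }


def scan(lines: List[str]) -> List[dict]:
    """All findings above 'none', in log order."""
    return [f for f in (classify(l) for l in lines) if f and f["severity"] != "none"]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["severity"].upper(), finding["ip"], finding["path"], finding["reasons"])
```

A slow request with no primitive stays at low severity on purpose: on its own it is just latency, and it becomes interesting only when the same client also sent primitives or when many slow requests cluster on one parameter. Pairing the two signals is what separates a confirmed time-based injection from a blocked or failed probe.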
SQL Injection is still dangerous — here are 3 quick ways to stop it: parameterized queries, strict input validation, and proper error handling + monitoring. Protect your app. 🛡️ #AppSec #WebSecurity #SQLi #DevSecOps #CyberSecurity
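The second-order SQLi post above (payload stored safely, then reused unsafely by a later query) and the three defenses listed in the post just above can be shown together in one small program. This is an added example, not code from any of the quoted posts: it builds an in-memory SQLite database, reproduces the second-order pattern with a vulnerable lookup beside its parameterized fix, and adds the allow-list validation and the generic-error-plus-log handling that the defenses post recommends. The table, usernames and function names are constructed for illustration.

```python
"""Second-order SQL injection against an in-memory SQLite database, beside
the parameterized fix, allow-list validation and error handling.  Added
example for this page; schema, usernames and function names are constructed."""
import logging
import re
import sqlite3
from typing import List, Tuple

log = logging.getLogger("sqli-demo")

# Constructed allow-list for usernames: letters, digits, _ . -, 3 to 32 chars.
VALID_USERNAME = re.compile(r"^[A-Za-z0-9_.-]{3,32}$")


def setup_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT);"
        "INSERT INTO users (username, role) VALUES ('alice', 'admin'), ('bob', 'user');"
    )
    return conn


def register(conn: sqlite3.Connection, username: str) -> int:
    """Step 1: registration.  This INSERT is parameterized and therefore safe,
    which is exactly why the stored value can hold quotes and SQL fragments."""
    cur = conn.execute("INSERT INTO users (username, role) VALUES (?, 'user')", (username,))
    conn.commit()
    return cur.lastrowid


def lookup_vulnerable(conn: sqlite3.Connection, user_id: int) -> List[Tuple[str, str]]:
    """Step 2, vulnerable: a later feature trusts the value because it 'came
    from the database' and splices it into a query string."""
    row = conn.execute("SELECT username FROM users WHERE id = ?", (user_id,)).fetchone()
    if row is None:
        return []
    query = f"SELECT username, role FROM users WHERE username = '{row[0]}'"
    return conn.execute(query).fetchall()


def lookup_fixed(conn: sqlite3.Connection, user_id: int) -> List[Tuple[str, str]]:
    """Step 2, fixed (defense 1): the stored value is bound as a parameter
    and stays data no matter what it contains."""
    row = conn.execute("SELECT username FROM users WHERE id = ?", (user_id,)).fetchone()
    if row is None:
        return []
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (row[0],)
    ).fetchall()


def is_valid_username(username: str) -> bool:
    return VALID_USERNAME.fullmatch(username) is not None


def register_validated(conn: sqlite3.Connection, username: str) -> int:
    """Defense 2: reject at the boundary so hostile values are never stored
    for a later query to trip over."""
    if not is_valid_username(username):
        raise ValueError("username must match " + VALID_USERNAME.pattern)
    return register(conn, username)


def lookup_monitored(conn: sqlite3.Connection, user_id: int) -> dict:
    """Defense 3: a generic failure goes to the caller, the full detail only
    to the log, so database errors feed monitoring rather than the attacker."""
    try:
        return {"ok": True, "rows": lookup_fixed(conn, user_id)}
    except sqlite3.Error as exc:
        log.warning("user lookup failed user_id=%r error=%s", user_id, exc)
        return {"ok": False, "error": "lookup failed"}


if __name__ == "__main__":
    db = setup_db()
    uid = register(db, "x' OR '1'='1")                 # stored safely, reused unsafely
    print("vulnerable:", lookup_vulnerable(db, uid))    # every user's row leaks
    print("fixed:     ", lookup_fixed(db, uid))         # only the attacker's own row
```

The point of the second-order case is in `register`: the first query is written correctly, so a review that only checks where user input enters the system passes it. The defect is in `lookup_vulnerable`, which treats a value read back from the database as trusted. Parameterizing every query, not just the ones that touch request data directly, is what closes it.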




CVE-2025-11077 (SQL injection): There is a blind SQL injection in the Online Learning Management system via the title POST parameter (boolean/time‑based). Exploit : github.com/byteReaper77/C… #vulnerability #sqlinjection #sqli #blindSQLi #PoC #exploit #CVE
Top 10 web areas to start your hunt with: 1. SQL Injection (#SQLi) 2. Cross-Site Scripting (#XSS) 3. Cross-Site Request Forgery (#CSRF) 4. Insecure Direct Object References (#IDOR) 5. Clickjacking (#Clickjacking) 6. Command Injection (#CommandInjection) 7. Remote File…
Penetration testing on a TryHackMe web app uncovered open ports, a vulnerable image gallery with SQL injection, and exposed database via backups and hidden files—demonstrating the power of thorough web enumeration and escalation. #SQLi #WebTesting ift.tt/jSqiC6u
💥 From SQLi to RCE – real step-by-step exploitation 📺 youtu.be/WXZEsDVzWUQ ✅ Full enumeration ✅ HTML Injection + XSS ✅ Classic SQLi ✅ Escalation to real RCE ✅ Applied offensive mindset #BugBounty #SQLi #RCE #HackingEtico #WebSecurity #Pentesting #Ciberseguridad

🕵️♂️ P1 Finding of the day: While in wbu, spotted an '/ajax/' in an endpoint. Browsing returned a blank page, so going deep found 2020 archived URL with 2 parameters; still got a blank page. After some efforts crafted my own GET and POST HTTP request. #BugBounty #SQLi 1/n

Manual testing can be both fun and insightful, especially when you have an error like SQLSTATE[HY000] to guide you; it's a great way to sharpen your skills. Today I did a full manual test using Burp Suite on a target and got it right. It was fun. #BugBounty #SQLi
SQLMap could not detect this injection while I knew the endpoint was vulnerable. I had heard about Ghauri. I decided to give it a shot; It worked like a charm. #BugBounty #bugbountytips #sqli

Bug: SQLi method: oneliner link github.com/h6nt3r/tools/b… #sqli #hackerone #bugcrowd #ethicalhacking
