#sqli search results
Stored-procedure SQLi: If DB allows privileged procedures, chain queries to perform OOB calls or side-effects (e.g., network/cmd execution via safe-redacted proc). Pattern: invoke a safe-redacted proc that performs an outbound action with substituted data. #BugBounty #SQLi

Have been here on X providing lots of things I found about #XSS, filter/WAF evasion, #SQLi, even #SSRF and other stuff as @BRuteLogic for the last 13+ yrs. So please don't think I'm just advertising w/ the content I create, I'm just trying to make a living out of my work. Thx.
🚨 MEDIUM severity: CVE-2025-11288 targets CRMEB v5.0–5.6 with a public SQL injection flaw. No patch, vendor silent! Audit your systems & secure endpoints ASAP. 🔍 Details & mitigations: radar.offseq.com/threat/cve-202… #OffSeq #SQLi...

Vulnerabilities such as #XSS and #SQLi are declining, while authorization flaws such as Improper Access Control and #IDOR are increasing significantly. In total, in 2025, 1,121 #BugBounty programs on HackerOne included AI in scope, a figure that is up 270%.

When your report gets triaged faster than your food delivery 🍕😂 #BugBounty #SQLi #intigriti #CyberSecurity

Blind SQL injection When an app hides query results, attackers extract data via side-channels: boolean-based (true/false) or time-based (delays). Redacted example: IF((SELECT SUBSTRING(secret,1,1)='a'), SLEEP(5),0) Effective against blind/WAFed targets #BugBounty #Infosec #Sqli
SQL Injection is still dangerous — here are 3 quick ways to stop it: parameterized queries, strict input validation, and proper error handling + monitoring. Protect your app. 🛡️ #AppSec #WebSecurity #SQLi #DevSecOps #CyberSecurity

CVE-2025-11077 (SQL injection): There is a blind SQL injection in the Online Learning Management system via the title POST parameter (boolean/time‑based). Exploit: github.com/byteReaper77/C… #vulnerability #sqlinjection #sqli #blindSQLi #PoC #exploit #CVE
Top 10 web areas to start your hunt with: 1. SQL Injection (#SQLi) 2. Cross-Site Scripting (#XSS) 3. Cross-Site Request Forgery (#CSRF) 4. Insecure Direct Object References (#IDOR) 5. Clickjacking (#Clickjacking) 6. Command Injection (#CommandInjection) 7. Remote File…
Penetration testing on a TryHackMe web app uncovered open ports, a vulnerable image gallery with SQL injection, and exposed database via backups and hidden files—demonstrating the power of thorough web enumeration and escalation. #SQLi #WebTesting ift.tt/jSqiC6u
💥 From SQLi to RCE – Real exploitation step by step 📺 youtu.be/WXZEsDVzWUQ ✅ Full enumeration ✅ HTML Injection + XSS ✅ Classic SQLi ✅ Escalation to real RCE ✅ Offensive mindset applied #BugBounty #SQLi #RCE #HackingEtico #WebSecurity #Pentesting #Ciberseguridad

Discovered a very interesting path based SQLi yesterday. Injected: /‘XOR(if(now()=sysdate(),sleep(8),0))XOR’111/ → No delay /page/‘XOR(if(now()=sysdate(),sleep(8),0))XOR’111/test.test triggered delay. Same payload, different results. Here's why👇 1/4 #BugBounty #SQLi #WebSec

🕵️♂️ P1 Finding of the day: While in wbu, spotted an '/ajax/' in an endpoint. Browsing returned a blank page, so going deep found 2020 archived URL with 2 parameters; still got a blank page. After some efforts crafted my own GET and POST HTTP request. #BugBounty #SQLi 1/n

💉 SQL injection bypassing Cloudflare When testing a site, you can bypass Cloudflare's SQL injection protection using sqlmap and a combination of space2comment, between, randomcase tamper scripts. #web #sqli

Cloudflare 403 bypass to time-based blind SQLi: PL: (select(0)from(select(sleep(10)))v) → 403 but PL: (select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v) → Time-based Blind SQLi #BugBounty #SQLi

Another SQL Injection #sqli -- Payload: id=1'XOR(if(now()=sysdate(),SLEEP(7),0))XOR'Z It's a Healthcare Company - Ops! happy to secure SO much patient data & more... #sqli #bugbounty #bugbountytips

🚨 I found the coolest #SQLi on a target! Surprisingly, the SQLi was in the "ignore cookies" button of the cookie banner. As I always say and do, don’t just look for SQLis in parameters. Check uncommon places like cookie banners, cookie accept buttons, etc. #BugBounty…

Make sure to test mobile endpoints, not just mobile apps—test m.target.com. Mobile front-ends often run on separate infra, different WAF policies with different code base for huge sites like gaming/chat etc, hiding unique vuln surfaces...#BugBounty #SQLi #SQLMap [1/n]
Found an untouched asset (built in 2018) with an unsubscribe functionality. Turned out it was vulnerable to time-based blind SQLi → from a single entry point I accessed 200+ databases. Patience + curiosity always pay off 💰€€€€ #BugBounty #SQLi #bugbountytips Thread 🧵…

Manual testing can be both fun and insightful, especially when you have an error like SQLSTATE[HY000] to guide you; it's a great way to sharpen your skills. Today I did a full manual test using Burpsuite on a target and got it right, it was fun. #BugBounty #SQLi

Second-Order SQL Injection 1️⃣ Attacker injects payload into a field that is stored in DB (e.g., username). 2️⃣ Later, another query uses this stored value unsafely. 3️⃣ Payload executes → data leak, auth bypass, or privilege escalation. #SQLi #BugBounty #WebSecurity
