#sqli search results
Cloudflare 403 bypass to time-based blind SQLi: PL: (select(0)from(select(sleep(10)))v) → 403 but PL: (select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v) → Time-based Blind SQLi #BugBounty #SQLi


Found an untouched asset (built in 2018) with an unsubscribe functionality. Turned out it was vulnerable to time-based blind SQLi → from a single entry point I accessed 200+ databases. Patience + curiosity always pay off 💰€€€€ #BugBounty #SQLi #bugbountytips Thread 🧵…

Remember the SQLi that gave me 204 DBs? Company patched it in 10 mins… but as a hunter, the hunt doesn’t stop there. 🕵️‍♂️ I started looking for connected legacy assets → and found my way back in. #BugBounty #SQLi #bugbountytips


Discovered a very interesting path based SQLi yesterday. Injected: /‘XOR(if(now()=sysdate(),sleep(8),0))XOR’111/ → No delay /page/‘XOR(if(now()=sysdate(),sleep(8),0))XOR’111/test.test triggered delay. Same payload, different results. Here's why👇 1/4 #BugBounty #SQLi #WebSec



💉 SQL injection bypassing Cloudflare When testing a site, you can bypass Cloudflare's SQL injection protection using sqlmap and a combination of space2comment, between, randomcase tamper scripts. #web #sqli

Pre-Auth SQL Injection CVE-2025-24799 Severity : Critical Exploit : github.com/MuhammadWaseem… Reference : github.com/glpi-project/g… #GLPI #SQLi #CVE202524799

Second-Order SQL Injection 1️⃣ Attacker injects payload into a field that is stored in DB (e.g., username). 2️⃣ Later, another query uses this stored value unsafely. 3️⃣ Payload executes → data leak, auth bypass, or privilege escalation. #SQLi #BugBounty #WebSecurity

When your report gets triaged faster than your food delivery 🍕😂 #BugBounty #SQLi #intigriti #CyberSecurity



Having trouble bypassing filters after finding #SQLInjection? Check out these tricks from @appSecExp that will help you get through them quickly. Have any tips you swear by? Share them with us! #SQLi #hacking #infosec
GoDaddy SQL Injection Vulnerability..:) Follow Us: youtube.com/@nullsecurityx #BugBounty #Cybersecurity #sqli #Pentesting

Time-Based Blind SQLi: No errors, no data in response—just time as your oracle. Inject SLEEP() or pg_sleep() to measure delays and confirm injection points. Perfect for Burp Intruder with time diff analysis. Slow… but revealing. 💉 #BugBounty #sqli

⚡️SQLi Time Based Payloads ✅Join Telegram to Download- t.me/brutsecurity/1… #sqli #bugbounty #bugbountytips

🚨 I found the coolest #SQLi on a target! Surprisingly, the SQLi was in the "ignore cookies" button of the cookie banner. As I always say and do, don’t just look for SQLis in parameters. Check uncommon places like cookie banners, cookie accept buttons, etc. #BugBounty…


Have been here on X providing lots of things I found about #XSS, filter/WAF evasion, #SQLi, even #SSRF and other stuff as @BRuteLogic for the last 13+ yrs. So please don't think I'm just advertising w/ the content I create, I'm just trying to make a living out of my work. Thx.
🚨 MEDIUM severity: CVE-2025-11288 targets CRMEB v5.0–5.6 with a public SQL injection flaw. No patch, vendor silent! Audit your systems & secure endpoints ASAP. 🔍 Details & mitigations: radar.offseq.com/threat/cve-202… #OffSeq #SQLi...

Vulnerabilities such as #XSS and #SQLi are on the decline, while authorization flaws such as Improper Access Control and #IDOR are increasing significantly. In total, in 2025, 1,121 #BugBounty programs on HackerOne included an AI scope, a 270% increase.
Stored-procedure SQLi: If DB allows privileged procedures, chain queries to perform OOB calls or side-effects (e.g., network/cmd execution via safe-redacted proc). Pattern: invoke a safe-redacted proc that performs an outbound action with substituted data. #BugBounty #SQLi


Blind SQL injection When an app hides query results, attackers extract data via side-channels: boolean-based (true/false) or time-based (delays). Redacted example: IF((SELECT SUBSTRING(secret,1,1)='a'), SLEEP(5),0) Effective against blind/WAFed targets #BugBounty #Infosec #Sqli
SQL Injection is still dangerous — here are 3 quick ways to stop it: parameterized queries, strict input validation, and proper error handling + monitoring. Protect your app. 🛡️ #AppSec #WebSecurity #SQLi #DevSecOps #CyberSecurity




CVE-2025-11077 (SQL injection): There is a blind SQL injection in the Online Learning Management system via the title POST parameter (boolean/time‑based). Exploit : github.com/byteReaper77/C… #vulnerability #sqlinjection #sqli #blindSQLi #PoC #exploit #CVE
Top 10 web areas to start your hunt with: 1. SQL Injection (#SQLi) 2. Cross-Site Scripting (#XSS) 3. Cross-Site Request Forgery (#CSRF) 4. Insecure Direct Object References (#IDOR) 5. Clickjacking (#Clickjacking) 6. Command Injection (#CommandInjection) 7. Remote File…
Penetration testing on a TryHackMe web app uncovered open ports, a vulnerable image gallery with SQL injection, and exposed database via backups and hidden files—demonstrating the power of thorough web enumeration and escalation. #SQLi #WebTesting ift.tt/jSqiC6u
💥 From SQLi to RCE – real step-by-step exploitation 📺 youtu.be/WXZEsDVzWUQ ✅ Full enumeration ✅ HTML Injection + XSS ✅ Classic SQLi ✅ Escalation to real RCE ✅ Offensive mindset applied #BugBounty #SQLi #RCE #HackingEtico #WebSecurity #Pentesting #Ciberseguridad




🕵️‍♂️ P1 Finding of the day: While in wbu, spotted an '/ajax/' in an endpoint. Browsing returned a blank page, so going deep found 2020 archived URL with 2 parameters; still got a blank page. After some efforts crafted my own GET and POST HTTP request. #BugBounty #SQLi 1/n









Manual testing can be both fun and insightful, especially when you have an error like SQLSTATE[HY000] to guide you; it's a great way to sharpen your skills. Today I did a full manual testing using Burpsuite on a target and got it correct, it was fun. #BugBounty #SQLi
Another SQL Injection #sqli -- Payload: id=1'XOR(if(now()=sysdate(),SLEEP(7),0))XOR'Z It's a Healthcare Company - Oops! happy to secure SO much patient data & more... #sqli #bugbounty #bugbountytips


SQLMap could not detect this injection while I knew the endpoint was vulnerable. I had heard about Ghauri. I decided to give it a shot; It worked like a charm. #BugBounty #bugbountytips #sqli



Do not forget to test 'Newsletter Signup' form for SQLi & stored XSS. This public bb target is on bc since 2022 & has different s/u forms for home page & internal pages, the internal one was vulnerable - probably not being maintained. #BugBounty #SQLi.


