#sqli search results
Cloudflare 403 bypass to time-based blind SQLi: PL: (select(0)from(select(sleep(10)))v) → 403 but PL: (select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v) → Time-based Blind SQLi #BugBounty #SQLi
Discovered a very interesting path based SQLi yesterday. Injected: /'XOR(if(now()=sysdate(),sleep(8),0))XOR'111/ → No delay /page/'XOR(if(now()=sysdate(),sleep(8),0))XOR'111/test.test triggered delay. Same payload, different results. Here's why👇 1/4 #BugBounty #SQLi #WebSec
Found an untouched asset (built in 2018) with an unsubscribe functionality. Turned out it was vulnerable to time-based blind SQLi → from a single entry point I accessed 200+ databases. Patience + curiosity always pay off 💰€€€€ #BugBounty #SQLi #bugbountytips Thread 🧵…
Second-Order SQL Injection 1️⃣ Attacker injects payload into a field that is stored in DB (e.g., username). 2️⃣ Later, another query uses this stored value unsafely. 3️⃣ Payload executes → data leak, auth bypass, or privilege escalation. #SQLi #BugBounty #WebSecurity
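The three steps in the post above, as an added example in Python with sqlite3 (not code from the post): registration stores the value safely, a later profile lookup concatenates it, and the hardened variant binds it instead. The table, payload and function names are constructed for the demo.

```python
import sqlite3


def make_db():
    # Constructed in-memory user store standing in for the application's database.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT);
        INSERT INTO users (username, role) VALUES ('alice', 'user'), ('admin', 'admin');
    """)
    return conn


def register(conn, username):
    # Step 1: the first query is parameterised, so it is not injectable itself;
    # the payload is simply stored intact as the username.
    conn.execute("INSERT INTO users (username, role) VALUES (?, 'user')", (username,))
    conn.commit()


def profile_vulnerable(conn, username):
    # Step 2: a later feature trusts the stored value and concatenates it into SQL.
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def profile_fixed(conn, username):
    # Hardened form: bind the stored value; it stays data whatever it contains.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo(profile_fn):
    # Step 3: read the value back from the DB (as the app would) and run the lookup.
    conn = make_db()
    payload = "x' OR role = 'admin' --"  # constructed second-order payload
    register(conn, payload)
    stored = conn.execute(
        "SELECT username FROM users WHERE id = (SELECT max(id) FROM users)"
    ).fetchone()[0]
    return profile_fn(conn, stored)
```

`demo(profile_vulnerable)` returns the admin row (the stored payload rewrote the WHERE clause), while `demo(profile_fixed)` returns only the row whose username literally equals the payload.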
🔍 Tip for finding SQLi in WordPress plugins: - Study the code—check $wpdb queries & inputs. - Enumerate endpoints, forms, params w/ WPScan or manually. - Test for SQLi w/ payloads like ' OR 1=1 --. 💡 Might lead to a private CVE! Stay ethical #BugBounty #SQLi
Remember the SQLi that gave me 204 DBs? Company patched it in 10 mins… but as a hunter, the hunt doesn’t stop there. 🕵️♂️ I started looking for connected legacy assets → and found my way back in. #BugBounty #SQLi #bugbountytips
💉 SQL injection bypassing Cloudflare When testing a site, you can bypass Cloudflare's SQL injection protection using sqlmap and a combination of space2comment, between, randomcase tamper scripts. #web #sqli
🚨 I found the coolest #SQLi on a target! Surprisingly, the SQLi was in the "ignore cookies" button of the cookie banner. As I always say and do, don’t just look for SQLis in parameters. Check uncommon places like cookie banners, cookie accept buttons, etc. #BugBounty…
Bug: SQLi method: oneliner link github.com/h6nt3r/tools/b… #sqli #hackerone #bugcrowd #ethicalhacking
Pre-Auth SQL Injection CVE-2025-24799 Severity: Critical Exploit: github.com/MuhammadWaseem… Reference: github.com/glpi-project/g… #GLPI #SQLi #CVE202524799
SQLite Injection via WebSQL API 1️⃣ Some apps use openDatabase() in JS to store/query user data 2️⃣ If input is inserted directly into SQL: db.transaction(t => { t.executeSql(`SELECT * FROM users WHERE name = '${input}'`); }); 3️⃣ ' OR 1=1-- → dumps users #BugBounty #sqli
Make sure to test mobile endpoints, not just mobile apps—test m.target.com. Mobile front-ends often run on separate infra, different WAF policies with different code base for huge sites like gaming/chat etc, hiding unique vuln surfaces...#BugBounty #SQLi #SQLMap [1/n]
Time-Based Blind SQLi: No errors, no data in response—just time as your oracle. Inject SLEEP() or pg_sleep() to measure delays and confirm injection points. Perfect for Burp Intruder with time diff analysis. Slow… but revealing. 💉 #BugBounty #sqli
💡 Why it matters: Attackers can steal or corrupt your data through malicious queries. 🛡️ Action: Deploy Quttera Website Protection to block SQLi payloads at the WAF layer. #SQLi #WebAppSecurity #Quttera #Website #Malware
#WordPress: Detect SQLi, XSS, and RFI attempts before they succeed. Enable Website Protection (WAF). quttera.com #SQLi #XSS #MalwareProtection
And another proof that SQL injection still exists in 2025 :) Exposing more than 100 admin accounts with passwords and personal information. Site directly got notified about it dw. #SQL #SQLI #Vulnerability #BugBounty
I don't want my child to take religion classes at school either, but to be exempt, the child again has to belong to another religion. The Ministry of National Education imposes this. I'm a deist, brother; why is religion being imposed on my child? #Atatürk #din #akp #deprem #29ekim #Cumhuriyet #sqlı #çarşamba
Master the full attack chain: SQLi ➡️ RCE ➡️ PrivEsc. This Docker playground lets you practice exploiting PostgreSQL in a safe, realistic environment. An essential challenge for every pentester! Link: github.com/filipkarc/sqli… 💥🧪 #SQLi #HackingEtico #Pentesting
This week Lab-only: practiced SQLi DB enumeration (Oracle & non-Oracle), extracted schema info and demonstrated admin account takeover in authorized labs — focused on impact analysis and remediation. #AppSec #SQLi #CTF #Infosec
Day 1/30 — SQLi basics with sqlmap: An automated tool to find & exploit SQL injection (error, boolean, UNION, time, stacked, inline). Quick tip: test only on authorised targets. 🚨 sqlmap -u "http://lab.local/item.php?id=2" -p id --dbs #30DayChallenge #SQLi #infosec
SQLi work: practiced login bypass, used ORDER BY and UNION to enumerate columns and fingerprint DBs — all in controlled labs. #SQLi
Have been here on X providing lots of things I found about #XSS, filter/WAF evasion, #SQLi, even #SSRF and other stuff as @BRuteLogic for the last 13+ yrs. So please don't think I'm just advertising w/ the content I create, I'm just trying to make a living out of my work. Thx.
Cool Blind #SQLi. The target has an admin login page where certain methods are allowed. I found the API endpoint for the admin login and sent the same payload. Success. POST /admin/login ==> 405 POST /api/v01/admin/login ==> 200 OK + Blind SQLi #bugbounty #SQLi
Test Cases for Email Address Functionality Some Email based Payloads for Different Vulnerabilities created by @intigriti #bugbounty #bugbountytips #sqli
Over the weekend, @r0s37 invited us to collaborate on an external #bugbounty program. We discovered unauthenticated #SQLi on the target application via two endpoints.🧵
Manual testing can be both fun and insightful, especially when you have an error like SQLSTATE[HY000] to guide you; it's a great way to sharpen your skills. Today I did a full manual test using Burpsuite on a target and got it correct, it was fun. #BugBounty #SQLi
SQLi Found on Login panel Found endpoint from Shodan and hit it with Ghauri & SQLmap, both were successful enough! Happy to Secure World's Most Trusted Airlines! credit: @Joyerz5 #BugBounty #sqli
🧠 SQLi via Nested JSON 1️⃣ Input: { "filters": { "user": "admin'--" } } 2️⃣ App flattens nested JSON to query 3️⃣ WAF misses deeply nested keys 4️⃣ SQLi fires silently 🎯 Obscure path → full DB access #bugbounty #SQLi #wafbypass #json