#sqli 搜尋結果
Cloudflare 403 bypass to time-based blind SQLi: PL: (select(0)from(select(sleep(10)))v) → 403 but PL: (select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v) → Time-based Blind SQLi #BugBounty #SQLi
I love this kind of Burp message that sweet SQL error. Tip: Build your own Burp Suite scanner to catch these automatically. credit to @HaroonHameed40 @intigriti @PortSwigger #InfoSec #SQLi
Discovered a very interesting path based SQLi yesterday. Injected: /‘XOR(if(now()=sysdate(),sleep(8),0))XOR’111/ → No delay /page/‘XOR(if(now()=sysdate(),sleep(8),0))XOR’111/test.test triggered delay. Same payload, different results. Here's why👇 1/4 #BugBounty #SQLi #WebSec
Cloudflare 403 bypass to time-based blind SQLi: PL: (select(0)from(select(sleep(10)))v) → 403 but PL: (select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v) → Time-based Blind SQLi #BugBounty #SQLi
Pre-Auth SQL Injection CVE-2025-24799 Severity : Critical Exploit : github.com/MuhammadWaseem… Refrence : github.com/glpi-project/g… #GLPI #SQLi #CVE202524799
🔍 Tip for finding SQLi in WordPress plugins: - Study the code—check $wpdb queries & inputs. - Enumerate endpoints, forms, params w/ WPScan or manually. - Test for SQLi w/ payloads like ' OR 1=1 --. 💡 Might lead to a private CVE! Stay ethical #BugBounty #SQLi
𝗟𝗼𝗴𝘀𝗲𝗻𝘀𝗼𝗿 🕵🏽♂️ Herramienta en Python para descubrir paneles de login y escaneo de SQLi en formularios POST. Soporta escaneo de múltiples hosts, escaneo dirigido de formularios SQLi y proxies. 🛡️ 🌐 github.com/Mr-Robert0/Log… #Logsensor #SQLI #Pentesting #CyberSecurity…
💉 SQL injection bypassing Cloudflare When testing a site, you can bypass Cloudflare's SQL injection protection using sqlmap and a combination of space2comment, between, randomcase tamper scripts. #web #sqli
Top 10 web area's to start your hunt with: 1. SQL Injection (#SQLi) 2. Cross-Site Scripting (#XSS) 3. Cross-Site Request Forgery (#CSRF) 4. Insecure Direct Object References (#IDOR) 5. Clickjacking (#Clickjacking) 6. Command Injection (#CommandInjection) 7. Remote File…
Exceptional SQLi ✔️ Top 100 overall severity high to exceptional @intigriti ✔️ And this is just the warm-up 🔥 #SQLIMaster #BugBounty #SQLi #InfoSec #CyberSecurity #Leaderboard
Found an untouched asset (built in 2018) with an unsubscribe functionality. Turned out it was vulnerable to time-based blind SQLi → from a single entry point I accessed 200+ databases. Patience + curiosity always pay off 💰€€€€ #BugBounty #SQLi #bugbountytips Thread 🧵…
Second-Order SQL Injection 1️⃣ Attacker injects payload into a field that is stored in DB (e.g., username). 2️⃣ Later, another query uses this stored value unsafely. 3️⃣ Payload executes → data leak, auth bypass, or privilege escalation. #SQLi #BugBounty #WebSecurity
Time-Based Blind SQLi: No errors, no data in response—just time as your oracle. Inject SLEEP() or pg_sleep() to measure delays and confirm injection points. Perfect for Burp Intruder with time diff analysis. Slow… but revealing. 💉 #BugBounty #sqli
Remember the SQLi that gave me 204 DBs? Company patched it in 10 mins… but as a hunter, the hunt doesn’t stop there. 🕵️♂️ I started looking for connected legacy assets → and found my way back in. #BugBounty #SQLi #bugbountytips
Found an untouched asset (built in 2018) with an unsubscribe functionality. Turned out it was vulnerable to time-based blind SQLi → from a single entry point I accessed 200+ databases. Patience + curiosity always pay off 💰€€€€ #BugBounty #SQLi #bugbountytips Thread 🧵…
Blind SQL injection When an app hides query results, attackers extract data via side-channels: boolean-based (true/false) or time-based (delays). Redacted example: IF((SELECT SUBSTRING(secret,1,1)='a'), SLEEP(5),0) Effective against blind/WAFed targets #BugBounty #Infosec #Sqli
Bug: SQLi method: oneliner link github.com/h6nt3r/tools/b… #sqli #hackerone #bugcrowd #ethicalhacking
⚠️ Website Security Alert Why it matters: Outdated plugins expose sites to #SQLi, #RCE, and #XSS exploit chains. 🛡️ Action: Enable auto-updates, remove unused components, and run regular CVE-driven vulnerability scans #CVE #CyberSecurity #Malware
𝗟𝗼𝗴𝘀𝗲𝗻𝘀𝗼𝗿 🕵🏽♂️ Herramienta en Python para descubrir paneles de login y escaneo de SQLi en formularios POST. Soporta escaneo de múltiples hosts, escaneo dirigido de formularios SQLi y proxies. 🛡️ 🌐 github.com/Mr-Robert0/Log… #Logsensor #SQLI #Pentesting #CyberSecurity…
#WooCommerce — #SQLi CVE in Payment Extensions 🚨 Why it matters: SQL injection in WooCommerce payment add-ons can leak customer info, alter orders, and inject malicious scripts 🛡️ Action: Block SQLi attempts and scan your store for injected code quttera.com #CVE…
Just bypassed the admin login in a PortSwigger lab using classic SQLi 😎 Payload: admin' OR '1'='1-- No sanitization = full authentication bypass. Burp Repeater FTW 💥 #CyberSecurity #SQLi #BugBounty #WebSecurity
#PrestaShop — Payment Form Injection via SQLi 🚨 Why it matters: SQL injection in outdated PrestaShop plugins injects fake payment forms and steals customer info 🛡️ Action: Use Quttera Malware Scanner to detect injected forms early quttera.com/website-malwar… #Malware #SQLi…
#WordPress — SQL Injection → Malware Deployment 🚨 Why it matters: #SQLi injects malware directly into core WP database tables 🛡️ Action: Block attacks with Quttera WAF and protect your perimeter quttera.com/web-applicatio… #CVE #CyberSecurity
The one defense against SQL Injection that still works 99% of the time? Parameterized Queries. They teach the database to treat user input as DATA, not executable CODE. Stop using string concatenation for queries! #SQLi #AppSec #HackingTip #CyberSecurity
Null Byte SQL injection attempt today for registration from a Russian IP. Thought to share because I found it interesting. HF backend handled it properly. #sqli
Basic Detection Start with simple URL testing: sqlmap -u "site.com/page?id=1" For POST requests: sqlmap -u "site.com/login" --data="user=admin&pass=test" #SQLi #PenetrationTesting
🚨WordPress Alert Why it matters: WordPress plugins targeted by SQL Injection can expose your entire database 🛡️ Action: Scan with WordPress Malware Scanner to detect injected queries early quttera.com/wordpress-malw… #WordPress #SQLi #Quttera #CyberSecurity #InfoSec
F5 SQLi WAF BYPASS ‘ or (select ‘sqli’) = ‘sqli // blocked ‘ || not (select ‘sqli’) like ‘s% // bypassed #F5 #sqli #BugBounty
SQL Injection (SQLi) ⚠️Why it matters: Hackers inject malicious SQL queries to steal your website’s database data. Action: Use Quttera WAF and regular vulnerability scans to block and detect SQLi attempts. quttera.com #SQLi #WebsiteSecurity #CyberSecurity
🚨 Spot the Vulnerability #04 This Flask route works until someone inputs ' OR '1'='1. Can you spot the flaw? 🤔 Reply with your answer. #SQLi #AppSec #BugBounty
Pre-Auth SQL Injection CVE-2025-24799 Severity : Critical Exploit : github.com/MuhammadWaseem… Refrence : github.com/glpi-project/g… #GLPI #SQLi #CVE202524799
Cloudflare 403 bypass to time-based blind SQLi: PL: (select(0)from(select(sleep(10)))v) → 403 but PL: (select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v) → Time-based Blind SQLi #BugBounty #SQLi
Discovered a very interesting path based SQLi yesterday. Injected: /‘XOR(if(now()=sysdate(),sleep(8),0))XOR’111/ → No delay /page/‘XOR(if(now()=sysdate(),sleep(8),0))XOR’111/test.test triggered delay. Same payload, different results. Here's why👇 1/4 #BugBounty #SQLi #WebSec
Cloudflare 403 bypass to time-based blind SQLi: PL: (select(0)from(select(sleep(10)))v) → 403 but PL: (select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v) → Time-based Blind SQLi #BugBounty #SQLi
Cool Blind #SQLi. The target has an admin login page where certain methods are allowed. I found the API endpoint for the admin login and sent the same payload. Success. POST /admin/login ==> 405 POST /api/v01/admin/login ==> 200 OK + Blind SQLi #bugbounty #SQLi
🔍 Tip for finding SQLi in WordPress plugins: - Study the code—check $wpdb queries & inputs. - Enumerate endpoints, forms, params w/ WPScan or manually. - Test for SQLi w/ payloads like ' OR 1=1 --. 💡 Might lead to a private CVE! Stay ethical #BugBounty #SQLi
SQLMap could not detect this injection while I knew the endpoint was vulnerable. I had heard about Ghauri. I decided to give it a shot; It worked like a charm. #BugBounty #bugbountytips #sqli
💉 SQL injection bypassing Cloudflare When testing a site, you can bypass Cloudflare's SQL injection protection using sqlmap and a combination of space2comment, between, randomcase tamper scripts. #web #sqli
Manual testing can be both fun and insightful, especially when you have a error like SQLSTATE[HY000] to guide you, it's a great way to sharpen your skills. Today I did a full manual testing using Burpsuite on a target and got it correct., it was fun.. #BugBounty #SQLi
![nav1n0x's tweet image. Manual testing can be both fun and insightful, especially when you have a error like SQLSTATE[HY000] to guide you, it's a great way to sharpen your skills. Today I did a full manual testing using Burpsuite on a target and got it correct., it was fun.. #BugBounty #SQLi](https://pbs.twimg.com/media/GMQc_KLWUAAeaWT.png)
Test Cases for Email Address Functionality Some Email based Payloads for Different Vulnerabilities created by @intigriti #bugbounty #bugbountytips #sqli
Another SQLi, But when webmaster asks, "Can you crack the pass it's on Hash format" Me like - 🤣😂 After a while.... #sqli #bugbounty
Bug: SQLi method: oneliner link github.com/h6nt3r/tools/b… #sqli #hackerone #bugcrowd #ethicalhacking
Something went wrong.
Something went wrong.
United States Trends
- 1. Kalani 6,503 posts
- 2. Penn State 9,698 posts
- 3. Stein 12.5K posts
- 4. REAL ID 7,652 posts
- 5. Vanguard 14.6K posts
- 6. Milagro 32.3K posts
- 7. Hartline 4,114 posts
- 8. TOP CALL 12.1K posts
- 9. Merry Christmas 54.9K posts
- 10. Crumbl N/A
- 11. Cyber Monday 62.2K posts
- 12. #OTGala11 187K posts
- 13. Admiral Bradley 13.5K posts
- 14. MRIs 5,210 posts
- 15. Monday Night Football 3,038 posts
- 16. Jay Hill N/A
- 17. Shakur 8,813 posts
- 18. Jaxson Dart 4,102 posts
- 19. Abdul Carter 1,774 posts
- 20. #GivingTuesday 4,443 posts