Directory Traversal, SQL Injection and Server-Side Request Forgery
Breaking Down Barriers: Exploiting Pre-Auth SQL Injection In WhatsUp Gold - CVE-2024-6670
Bypassing airport security via SQL injection
World of SELECT-only PostgreSQL Injections: (Ab)using the filesystem
Exploiting authorization by nonce in WordPress plugins
No Database No Table, how do you do MSSQL Injection?
From Long-Term Hacking to Instant Rewards: Finding SQLi in 3 Minutes Worth $3125
From a GLPI patch bypass to RCE
Super Blind SQL Injection- $20000 bounty | Thousands of targets still vulnerable
How I Got My First €€€€ Bounty
Hacking Apple - SQL Injection to Remote Code Execution
Subdomain Fuzzing worth 35k bounty!
$20,300 Bounties from a 200 Hour Hacking Challenge
Defeating Length Filters to Dump the Database - SQLi
CVE-2024-0685 Ninja Contact Forms Data Export SQLi
Null Byte on Steroids
A christmas tale: pwning GTB Central Console (CVE-2024-22107 & CVE-2024-22108)
SQL Injection on PostgreSQL
Multiple Vulnerabilities On GestSup 3.2.44
A Straight 5-hour Escalation! Exploiting Boolean-Based SQL Injection.👽
Blind Boolean Based SQLi By Manipulating URL
How I Found SQL Injection worth of $4,000 bounty
Blog Post: Bypassing an Admin Panel with SQL Injection
Behind the Query: Unearthing NTLM Hashes with SQL Injection
XPATH Injection - Exploiting Error-based SQL Injection