SQL Injection | writeups.xyz

Title	Vulnerabilities	Programs	Authors
Dolibarr : unauthenticated contacts database theft	SQL Injection Security Code Review	Dolibarr	Vladimir
I Earned $3500 and 40 Points for A GraphQL Blind SQL Injection Vulnerability.	SQL Injection GraphQL	Undisclosed	Nav1n (@Nav1n0x)
How I got Owned A Multi-Billion Dollar Retailer’s MySQL Databases Using Simple SQL Injection	SQL Injection	Undisclosed	Nav1n (@Nav1n0x)
Vulnerability write-up - "Dangerous assumptions"	Prototype Pollution SQL Injection Security Code Review	DIVD	Thomas Rinsma (@Thomasrinsma) Kevin Valk (@Krvalk)
Securing Open-Source Solutions: A Study of osTicket Vulnerabilities	Stored XSS Reflected XSS SQL Injection Session Fixation	Enhancesoft (OsTicket)	Miguel Correia Davide Teixeira
Blind Time-based SQL injection vulnerability in an Indian government website	SQL Injection	NCIIPC	Kartikhunt3r
SQL Injection: Utilizing XML Functions in Oracle and PostgreSQL to bypass WAFs	SQL Injection WAF Bypass	Undisclosed	Mahmoud Gamal (@Zombiehelp54)
MyBB <= 1.8.31: Remote Code Execution Chain	RCE SQL Injection Stored XSS	MyBB	Aleksey Solovev
Bypassing Cloudflare WAF: XSS via SQL Injection	Reflected XSS SQL Injection WAF Bypass	Undisclosed	Uku Sõrmus
thisclosed_#2 - PostgreSQL Database Exfiltration through the abuse of PostgREST requests	SQL Injection	Undisclosed	Samuele Gugliotta (@Indevi0us)
Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More	Account Takeover SSO RCE Authorization Bypass SQL Injection Mass Assignment Information Disclosure	Kia Honda Infiniti Nissan Acura Mercedes-Benz Hyundai Genesis BMW Rolls Royce Ferrari Spireon Ford Reviver Porsche Toyota Jaguar Land Rover SiriusXM	Sam Curry (@Samwcyo) Neiko Rivera (@_Specters) Brett Buerhaus (@Bbuerhaus) Maik Robert (@XEHLE_) Ian Carroll (@Iangcarroll) Justin Rhinehart (@Sshell_) Shubham Shah (@Infosec_au)
CVE-2022-38627: A journey through SQLite Injection to compromise the whole enterprise building	SQL Injection	Undisclosed	Omar Hashem (@OmarHashem666)
Getting Secret Key to Building Custom Burp Extension	SQL Injection	Undisclosed	Ashlyn Lau (@Ashlyn_lau)
How I found multiple critical bugs in Red Bull	Authentication Bypass HTTP Response Manipulation Path Traversal LFI XSS SQL Injection RCE Unrestricted File Upload RFI Security Code Review	Red Bull	Bartłomiej Bergier (@_Bergee_)
Exploiting an SQL injection with WAF bypass	SQL Injection WAF Bypass	Undisclosed	Benoit Philippe
How I Hacked A Company (My First Red Team Engagement 🚩)Permalink	SQL Injection	Undisclosed	Monish Kumar (@Aidenpearce369)
{JS-ON: Security-OFF}: Abusing JSON-Based SQL to Bypass WAF	WAF Bypass SQL Injection	Palo Alto Networks AWS Cloudflare F5 Imperva	Noam Moshe
A03:2021 — [Injection] SQL Injection through internal directory disclose	SQL Injection Information Disclosure	Undisclosed	Tushar
From Zero to Hero Part 2: From SQL Injection to RCE on Intel DCM (CVE-2022-21225)	SQL Injection Kerberos RCE Privilege Escalation Security Code Review	Intel	Julien Ahrens (@MrTuxracer)
Hell’s Keychain: Supply-chain vulnerability in IBM Cloud Databases for PostgreSQL allows potential for unauthorized database access	Cloud SQL Injection Privilege Escalation Information Disclosure	IBM	Ronen Shustin (@Ronenshh) Shir Tamari (@Shirtamari)
A great weekend hack(worth $8k)	SQL Injection IDOR Stored XSS	Undisclosed	Manas Harsh (@ManasH4rsh)
CVE-2022-40300: SQL Injection In Manageengine Privileged Access Management	SQL Injection	Zoho (ManageEngine)	Justin Hung Dusan Stevanovic
How I get +10 SQLi and +30 XSS via Automation Tool	SQL Injection XSS	Undisclosed	Mahmoud Attia (@0xElkot)
Varonis Threat Labs Discovers SQLi and Access Flaws in Zendesk	SQL Injection Logic Flaw	Zendesk	Tal Peleg
SSD Advisory – Cisco Secure Manager Appliance remediation_request_utils SQL Injection Remote Code Execution	SQL Injection RCE Security Code Review	Cisco	-

Page 3 of 10