References
- Portswigger: SQLi
- Portswigger: SQLi cheat sheet
- Portswigger: SQLi UNION attack
- Portswigger: Examining the database
- Portswigger: Blind SQL injection
- Cheat Sheet: websec.cs SQLi
- Cheat Sheet: Netsparker SQLi
- Cheat Sheet: BigQuery SQL Injection
- NetSPI SQLi wiki
- My First Blind SQL Injection
- Advanced sqlmap Case Study
- SQL Injection in Harvard’s Subdomain
- How a YouTube Video lead to pwning a web application via SQL Injection worth $4324 bounty
- CVE-2021-38159: MOVEit Transfer SQL Injection Analysis
- Finding an unseen SQL Injection by bypassing escape functions in mysqljs/mysql
- How I found a critical P1 bug in 5 minutes using a cellphone — Bug Bounty
- H1-4420: From Quiz to Admin - Chaining Two 0-Days to Compromise An Uber Wordpress
- Pwning child company to get access to ParentCompany’s Slack Team
- EXPLOITING A TRICKY BLIND SQL INJECTION INSIDE LIMIT CLAUSE
- SQL Injection in Forget Password Function
- SQL Injection Bug Bounty POC!
- Blind (time-based) SQLi - Bug Bounty
- SQL Injection
- SQL injection through User-Agent
- Comma is forbidden! No worries!! Inject in insert/update queries without it
- Hacking a Crypto Debit Card Service
- My Bug Bounty Journey and My First Critical Bug — Time Based Blind SQL Injection
- Exploiting Blind Postgresql Injection And Exfiltrating Data In Psycopg2
- How i got easy $$$ for SQL Injection Bug
- Turning Blind Error Based SQL Injection into Exploitable Boolean One
- Error-Based SQL Injection on a WordPress website and extract more than 150k user details
- SQL Injection & Remote Code Execution - Double P1
- Accessing the website directly through its IP address, a case of a poorly hidden sql injection
- From SQL Injection to Hall Of Fame
- Blind SQL Injection at fasteditor.hema.com
- From Host Header injection to SQL injection
- Patched Zoom Exploit: Altering Camera Settings via Remote SQL Injection
- HUNT for SQL Injection - The Smart Way!
- [Bug Bounty Writeups] Exploiting SQL Injection Vulnerability
- Tricky Oracle SQL Injection Situation
- Akamai Web Application Firewall Bypass Journey: Exploiting “Google BigQuery” SQL Injection Vulnerability
- SQL Injection Via Stopping the redirection to a login page
- Finding SQL injections fast with white-box analysis — a recent bug example
- Bug Bounty: Bypassing a crappy WAF to exploit a blind SQL injection
- SQL Injection in private-site.com/login.php
- SQL injection through User-Agent
- SQL injection for $50 bounty, but still worth reading!!
- Authentication Bypass Using SQL Injection AutoTrader Webmail – Bug Bounty POC
- SQL Injection Vulnerability bootcamp.nutanix.com | Bug Bounty POC
- SQL Injection Vulnerability In University Of Cambridge
- Making a Blind SQL Injection a Little Less Blind
- SQL Injection and A silly WAF
- #BugBounty — “Database hacked of India’s Popular Sports company”-Bypassing Host Header to SQL injection to dumping Database — An unusual case of SQL injection.
- Union Based Sql injection Write up ->A private Company Site
- SQL injection with load file and into outfile
- SQL injection in an UPDATE query - a bug bounty story!
- SQL Injection On MEGA.NZ
- Yahoo – Root Access SQL Injection – tw.yahoo.com
- Step-by-step: exploiting SQL injection(s) in Oculus’ website.
- Tesla Motors blind SQL injection
- SQL injections in Nokia sites.