Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 989 | CVE-2022–36635 — A SQL Injection in ZKSecurityBio to RCE | SQL injection | ZKTeco | Caio Burgardt (@CaioBurgardt) | Bug Bounty | 2022-10-06 | 2023-06-13 |
| 965 | SQL Injection in GraphQL | SQL injection, GraphQL | NA | Ahmed Gad (@0xGAD) | Bug Bounty | 2022-10-13 | 2023-06-13 |
| 958 | Code Injection and SQLi in WP ALL Export Pro | SQL injection, Security code review | NA | p3n7a90n (@p3n7a90n) | Bug Bounty | 2022-10-14 | 2023-06-13 |
| 956 | The Castle’s Latrine | SQL injection | NA | infiltrateops | Bug Bounty | 2022-10-14 | 2023-06-13 |
| 913 | Remote Code Execution by Abusing Apache Spark SQL | SQL injection, RCE | NA | Colin McQueen | Bug Bounty | 2022-10-24 | 2023-06-13 |
| 882 | Blind SQL Injection on Delete Request | Blind SQL injection | NA | Jawad Mahdi (@hunter0x1) | Bug Bounty | 2022-10-30 | 2023-06-13 |
| 875 | Fuzzing For Hidden Params | SQL injection | NA | calfcrusher | Bug Bounty | 2022-11-02 | 2023-06-13 |
| 848 | Sleep SQL injection on Name Parameter While Updating Profile | SQL injection | NA | Umer Yousuf | Bug Bounty | 2022-11-10 | 2023-06-13 |
| 832 | SSD Advisory – Cisco Secure Manager Appliance remediation_request_utils SQL Injection Remote Code Execution | SQL injection, RCE, Security code review | Cisco | - | Bug Bounty | 2022-11-14 | 2023-06-13 |
| 827 | Varonis Threat Labs Discovers SQLi and Access Flaws in Zendesk | SQL injection, Logic flaw | Zendesk | Tal Peleg | Bug Bounty | 2022-11-15 | 2023-06-13 |
| 788 | How I get +10 SQLi and +30 XSS via Automation Tool | SQL injection, XSS | NA | Mahmoud Attia (@0xElkot) | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 786 | CVE-2022-40300: SQL Injection In Manageengine Privileged Access Management | SQL injection | Zoho (ManageEngine) | Justin Hung | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 772 | A great weekend hack(worth $8k) | SQL injection, IDOR, Stored XSS | NA | Manas Harsh (@ManasH4rsh) | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 749 | Hell’s Keychain: Supply-chain vulnerability in IBM Cloud Databases for PostgreSQL allows potential for unauthorized database access | Cloud, SQL injection, Privilege escalation, Information disclosure | IBM | Ronen Shustin (@ronenshh) | Bug Bounty | 2022-12-01 | 2023-06-13 |
| 746 | From Zero to Hero Part 2: From SQL Injection to RCE on Intel DCM (CVE-2022-21225) | SQL injection, Kerberos, RCE, Privilege escalation, Security code review | Intel | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2022-12-01 | 2023-06-13 |
| 721 | A03:2021 — [Injection] SQL Injection through internal directory disclose | SQL injection, Information disclosure | NA | Tushar | Bug Bounty | 2022-12-07 | 2023-06-13 |
| 717 | {JS-ON: Security-OFF}: Abusing JSON-Based SQL to Bypass WAF | WAF bypass, SQL injection | Palo Alto Networks, AWS, Cloudflare, F5, Imperva | Noam Moshe | Bug Bounty | 2022-12-08 | 2023-06-13 |
| 698 | Exploiting an SQL injection with WAF bypass | SQL injection, WAF bypass | NA | Benoit Philippe | Bug Bounty | 2022-12-13 | 2023-06-13 |
| 696 | How I Hacked A Company (My First Red Team Engagement 🚩) | SQL injection | NA | Monish Kumar (@aidenpearce369) | Bug Bounty | 2022-12-13 | 2023-06-13 |
| 661 | Multiple authenticated blind SQL Injections in Sage XRT Business Exchange application | Blind SQL injection | Sage | Mickaël Benassouli (@mickaelweb) | Bug Bounty | 2022-12-21 | 2023-06-13 |
| 648 | How I found multiple critical bugs in Red Bull | Authentication bypass, HTTP response manipulation, Path traversal, LFI, XSS, SQL injection, RCE, Unrestricted file upload, RFI, Security code review | Red Bull | Bartłomiej Bergier (@_bergee_) | Bug Bounty | 2022-12-26 | 2023-06-13 |
| 639 | Getting Secret Key to Building Custom Burp Extension | SQL injection | NA | Ashlyn Lau | Bug Bounty | 2022-12-29 | 2023-06-13 |
| 635 | CVE-2022-38627: A journey through SQLite Injection to compromise the whole enterprise building | SQL injection | NA | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-12-30 | 2023-06-13 |
| 621 | Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More | Account takeover, SSO, RCE, Authorization bypass, SQL injection, Mass assignment, Information disclosure | Kia, Honda, Infiniti, Nissan, Acura, Mercedes-Benz, Hyundai, Genesis, BMW, Rolls Royce, Ferrari, Spireon, Ford, Reviver, Porsche, Toyota, Jaguar, Land Rover, SiriusXM | Sam Curry (@samwcyo) | Bug Bounty | 2023-01-03 | 2023-06-13 |
| 588 | thisclosed_#2 - PostgreSQL Database Exfiltration through the abuse of PostgREST requests | SQL injection | NA | Samuele Gugliotta (@indevi0us) | Bug Bounty | 2023-01-16 | 2023-06-13 |