| # | Title | Bug types | Program | Author | Category | Published | Date added |
|---|---|---|---|---|---|---|---|
| 558 | Bypassing Cloudflare WAF: XSS via SQL Injection | Reflected XSS, SQL injection, WAF bypass | NA | Uku Sõrmus | Bug Bounty | 2023-01-21 | 2023-06-13 |
| 544 | MyBB <= 1.8.31: Remote Code Execution Chain | RCE, SQL injection, Stored XSS | MyBB | Aleksey Solovev | Bug Bounty | 2023-01-25 | 2023-06-13 |
| 456 | Blind Time-based SQL injection vulnerability in an Indian government website | SQL injection | NCIIPC | Kartikhunt3r | Bug Bounty | 2023-02-13 | 2023-06-13 |
| 454 | SQL Injection: Utilizing XML Functions in Oracle and PostgreSQL to bypass WAFs | SQL injection, WAF bypass | NA | Mahmoud Gamal (@Zombiehelp54) | Bug Bounty | 2023-02-13 | 2023-06-13 |
| 451 | Securing Open-Source Solutions: A Study of osTicket Vulnerabilities | Stored XSS, Reflected XSS, SQL injection, Session fixation | osTicket | Miguel Correia | Bug Bounty | 2023-02-14 | 2023-06-13 |
| 414 | Vulnerability write-up - "Dangerous assumptions" | Prototype pollution, SQL injection, Security code review | DIVD | Thomas Rinsma (@thomasrinsma) | Bug Bounty | 2023-02-22 | 2023-06-13 |
| 331 | How I got Owned A Multi-Billion Dollar Retailer's MySQL Databases Using Simple SQL Injection | SQL injection | NA | nav1n (@nav1n0x) | Bug Bounty | 2023-03-08 | 2023-06-13 |
| 323 | I Earned $3500 and 40 Points for A GraphQL Blind SQL Injection Vulnerability. | SQL injection, GraphQL | NA | nav1n (@nav1n0x) | Bug Bounty | 2023-03-10 | 2023-06-13 |
| 312 | Dolibarr : unauthenticated contacts database theft | SQL injection, Security code review | Dolibarr | Vladimir | Bug Bounty | 2023-03-13 | 2023-06-13 |
| 298 | IP spoofing and SQL injection in Textcube | SQL injection, IP spoofing, HTTP header attack, Security code review | Textcube | Sjoerd Langkemper | Bug Bounty | 2023-03-15 | 2023-06-13 |
| 145 | How I Chained an Information Disclosure Bug with SQL Injection | SQL injection, .git folder disclosure | NA | Mba-oji Chiagoziem (@g0ziem) | Bug Bounty | 2023-04-30 | 2023-06-13 |
| 129 | Automating SQL Injection On Encrypted Request | SQL injection, Client-side encryption bypass | NA | Janirudransh | Bug Bounty | 2023-05-03 | 2023-06-13 |
| 94 | Pimcore: One click, two security vulnerabilities | Path traversal, SQL injection, Arbitrary file write, RCE, Security code review | Pimcore | Yaniv Nizry (@YNizry) | Bug Bounty | 2023-05-15 | 2023-06-13 |
| 69 | Exploiting SQL Error SQLSTATE[42000] To Own MariaDB of A Large Online Media Leader | SQL injection | NA | nav1n (@nav1n0x) | Bug Bounty | 2023-05-20 | 2023-06-13 |
| 66 | I helped a top Indian health benefits management platform from major PII leak by hacking their SQL Servers, AWS instance, DCs etc. | SQL injection | NA | nav1n (@nav1n0x) | Bug Bounty | 2023-05-22 | 2023-06-13 |
| 51 | Utilizing Historical URLs of an Organization to successfully execute SQL queries — Blind SQLi | Blind SQL injection | NA | Aayush Vishnoi (@AayushVishnoi10) | Bug Bounty | 2023-05-26 | 2023-06-13 |
| 40 | Kramer VIA GO² – Multiple issues | RCE, SQL injection, Arbitrary file upload, Arbitrary file read | Kramer | Jim Rush (@JimSRush) | Bug Bounty | 2023-05-31 | 2023-06-13 |
| 35 | Bypassing An Industry-Leading WAF and Exploiting SQLi | SQL injection, WAF bypass | NA | Adeeb Shah | Bug Bounty | 2023-06-01 | 2023-06-13 |