Cool Blind #SQLi . The target has an admin login page where certain methods are allowed. I found the API endpoint for the admin login and sent the same payload. Success.

POST /admin/login ==> 405
POST /api/v01/admin/login ==> 200 OK + Blind SQLi
By:N$ 🍥

#bugbountytips

Tu peux appeler ton fils Daniel normal, jcroyais c'était un nom de non croyant ça moi 🤣🤦🏻‍♂️

created a powerful Blind SQLi tool that detect sqli with 100% acuracy with 0% false postive issue uploading soon..
just working on the all types payloads for different DBMS

🚨Alert🚨CVE-2024-22120 (CVSS 9.1): Zabbix SQLi Vulnerability Exposes IT Infrastructure to Attack
🔥PoC: support.zabbix.com/browse/ZBX-245…
🔥PoC: github.com/W01fh4cker/CVE…
⚠This time-based SQL injection flaw poses a significant risk to systems running affected Zabbix, potentially allowing

Bonjour et bon lundi ! Voici un outil qui devrait vous être utile et spotté par l'ami Korben : webcopilot. Il offre un grand nombre de tests pour dénicher les erreurs de type xss, sqli, lfi, ssrf ... et scanne un certain nombre de vulnérabilités ⬇️

github.com/h4r5h1t/webcop…

Cool Blind #SQLi . The target has an admin login page where certain methods are allowed. I found the API endpoint for the admin login and sent the same payload. Success.

POST /admin/login ==> 405
POST /api/v01/admin/login ==> 200 OK + Blind SQLi #bugbounty #SQLi

⚠️⚠️CVE-2024-22120 (CVSS 9.1): Zabbix SQLi Vulnerability Exposes IT Infrastructure to Attack

🎯90k+ Results are found on the en.fofa.info nearly year.

FOFA Link🔗: en.fofa.info/result?qbase64…

FOFA Query: app='ZABBIX-Monitoring'

PoC🔖: github.com/W01fh4cker/CVE…
Refer🔖:

Blind SQL injection does not only reveal with content change, 'behavior change' is the key here. In this example, while the server responds in 160ms, when you add 'or 6=6', it responds in ~6500ms. Because the SQLi query was successful, and took its time.
#bugbounty #bugbounty tips

🚨 Grave vulnerabilidad SQLi en Zabbix

➡️ CVE-2024-22120 (CVSS 9.1)

securityonline.info/cve-2024-22120…

Decompiled an Android app and discovered an endpoint vulnerable to SQLi.
Don't overlook mobile apps. they can be a goldmine for juicy things

#bugbounty #bugbounty tips

ZoomEye's new plan is now available, starting at only $19! Link👉zoomeye.hk/pricing?from=M…
If you want to know more cybersecurity information, please join👉t.me/+dUkJzl6rPHxjN…

🚨🚨 Zabbix SQLi Vulnerability Exposes IT Infrastructure to Attack
CVE-2024-22120 CVSS score:9.1

#nullhyd learning about manual sqli

done with all SQLi and NoSQLi from PortSwigger next move on file upload

GitHub - Stuub/CVE-2024-32640-SQLI-MuraCMS: CVE-2024-32640 | Automated SQLi Exploitation PoC github.com/Stuub/CVE-2024…

Life is good thank you Intigriti for the opportunity to hack for fun and profit i was able to identify SQLi using dorkipty

Dorki.io

#bugbounty #ethicalhacking #cybersec #hackforgood

Utilizing Historical URLs of an Organization to successfully execute SQL queries — Blind SQLi | by Aayush Vishnoi | Medium medium.com/@ar_hawk/utili…

Does anyone have Akamai bypassed SQLi payload? I am ready for a 50-50 bounty split.

CVE-2024-22120 (CVSS 9.1): Zabbix SQLi Vulnerability Exposes IT Infrastructure to Attack securityonline.info/cve-2024-22120…

Automated SQLi Exploitation of Mura & Masa CMS via CVE-2024-32640
thank to my friend Stuart Beck \ @stuub for amazing work !
github.com/Stuub/CVE-2024…

Manual testing can be both fun and insightful, especially when you have a error like SQLSTATE[HY000] to guide you, it's a great way to sharpen your skills. Today I did a full manual testing using Burpsuite on a target and got it correct., it was fun.. #BugBounty #SQLi