N$ 🍥 on Twitter: "I was testing an app's #oauth2 today and randomly inject the payload "0'XOR(if(now()=sysdate(),sleep(6-2),0))XOR'Z", with php extension, and booom it was blind #SQLinjection...wt**, never knew SQLi payloads can be
Test Payload: 'XOR(if(now()=sysdate(),sleep(10),0))OR' · Issue #4091 · sqlmapproject/sqlmap · GitHub
N$ 🍥 on Twitter: "Blind #SQLInjection on #GraphQL The API accepts queries for user "gender" data and accepts 3 keywords "M,F,NA", I found the parader "xxxkeyword_xx_xx" is vulnerable to blind-SQL injection attacks
Blind SQL Injection Detection and Exploitation (Cheatsheet) | by Ansar Uddin | Medium
Blind SQL Injection Detection and Exploitation (Cheatsheet) | by Ansar Uddin | Medium
Protea King Arctic Ice - 0"XOR(if(now()=sysdate(),sleep(12),0))XOR"Z - Public albums | Sierra Flower Finder
spread love on Twitter: "Time-based SQLi with two payloads injected in the following headers: 1. User-Agent: "XOR(if(now()=sysdate(),sleep(5),0))XOR" 2. X-Forwarded-For: 0'XOR(if(now()=sysdate(),sleep(10),0))XOR'Z Both payloads were executed and the ...
Lab: Blind SQL injection with conditional errors | Web Security Academy
Lu3ky13 on Twitter: "how I found XSS AND SQL INJECTION 1 I found text.php 2 I used Arjun to find parameters 3 text.Php?m=1'xss and SQL done, I submitted to h1 #bugbounty #hackerone #