>

🚀 We've added new community writeups and a Web3 section! Click here to see what's new.

🐛 Bug Bounty Hunting Search Engine

Made with ❤️ by @payloadartist
NEW
Example search: http://bugbountyhunting.com/?q=keyword
Found 357 resources related to injection in 6.30 ms
✍️ Awesome host header injection worth 2k
✍️ Regular expression injection, a code review low hanging fruit
✍️ My Bug Bounty Journey and My First Critical Bug — Time Based Blind SQL Injection
✍️ Exploiting Blind Postgresql Injection And Exfiltrating Data In Psycopg2
✍️ How i got easy $$$ for SQL Injection Bug
✍️ Turning Blind Error Based SQL Injection into Exploitable Boolean One
✍️ RCE via Server-Side Template Injection
✍️ Beyond the wall: command injection still alive.
✍️ Error-Based SQL Injection on a WordPress website and extract more than 150k user details
✍️ GitHub - RCE via git option injection (almost) - $20,000 Bounty
✍️ SQL Injection & Remote Code Execution - Double P1
✍️ Accessing the website directly through its IP address, a case of a poorly hidden sql injection
✍️ From SQL Injection to Hall Of Fame
✍️ Disclosing wifi password via content provider injection in Xiaomi
✍️ Blind OS Command Injection
✍️ Blind SQL Injection at fasteditor.hema.com
✍️ Bug HTML Injection On Tokopedia !
✍️ From Host Header injection to SQL injection
✍️ Patched Zoom Exploit: Altering Camera Settings via Remote SQL Injection
✍️ SMTP Injection in Gsuite
✍️ HUNT for SQL Injection- The Smart Way!
✍️ The “P5” Link Injection Story
✍️ Reflected XSS on Microsoft.com via Angular Js template injection
✍️ [Bug Bounty Writeups] Exploiting SQL Injection Vulnerability
✍️ Tricky Oracle SQL Injection Situation
✍️ Akamai Web Application Firewall Bypass Journey: Exploiting “Google BigQuery” SQL Injection Vulnerability
✍️ How I earned $800 for Host Header Injection Vulnerability
✍️ [Bug Bounty] Email Content Injection
✍️ Got Easiest Bounty with HTML injection via email confirmation!
✍️ Google Ads Self-XSS & Html Injection $5000
✍️ SQL Injection Via Stopping the redirection to a login page
✍️ Hyperlink Injection - Easy Money (sometimes)
✍️ How I was able to take over any users account with host header injection
✍️ HTML Injection(Unique Exploitation)
✍️ Exploiting HTML Injection in Email
✍️ Stored Iframe Injection + CSRF = Account Takeover 😎😎
✍️ Multiple Host Header Attacks after bypassing protection with… a Header Attack
✍️ HTML Injection to XSS bypass in [REDACTED.com]
✍️ Command Injection Through BLH
✍️ Finding SQL injections fast with white-box analysis — a recent bug example
✍️ Spear texting via parameter injection
✍️ RCE with Flask Jinja Template Injection
✍️ Bug Bounty: Bypassing a crappy WAF to exploit a blind SQL injection
✍️ SQL Injection in private-site.com/login.php
✍️ Solr Injection by abusing Local Parameters on Zomato.com
✍️ Not a fancy bug, just HTML Injection in Clause - clause.io (Write Up)
✍️ Exploiting a Tricky Blind SQL Injection inside LIMIT clause
✍️ SQL Injection in Forget Password Function
✍️ SQL Injection Bug Bounty POC!
✍️ CSV injection at Comment Section.
✍️ SQl Injection
✍️ Bypassing CSP with policy injection
✍️ SQL injection through User-Agent
✍️ Handlebars template injection and RCE in a Shopify app
✍️ Comma is forbidden! No worries!! Inject in insert/update queries without it
✍️ SQL injection for $50 bounty, but still worth reading!!
✍️ Frappé Technologies ERPNext Server Side Template Injection
✍️ Command Injection PoC
✍️ When Cookie Hijacking + HTML Injection become dangerous
✍️ RCE in Hubspot with EL injection in HubL
✍️ Digging in to SCP Command Injection
✍️ Love Story Of A Account Takeover (Chaining Host Header Injection To Takeover Someones Account)
✍️ Unauthenticated RSFTP to Command Injection
✍️ Cookie-based-injection XSS making exploitable with-out exploiting other Vulns
✍️ Authentication Bypass Using SQL Injection AutoTrader Webmail – Bug Bounty POC
✍️ SQL Injection Vulnerability bootcamp.nutanix.com | Bug Bounty POC
✍️ SQL Injection Vulnerability In University Of Cambridge
✍️ CRLF Injection Into PHP’s cURL Options
✍️ Making a Blind SQL Injection a Little Less Blind
✍️ Exfiltration via CSS Injection
✍️ SQL Injection and A silly WAF
✍️ Exploitation of Server Side Template Injection with Craft CMS plugin SEOmatic <=3.1.3 [CVE-2018-14716]
✍️ Setting arbitrary request headers in Chromium via CRLF injection
✍️ Server-Side Spreadsheet Injection – Formula Injection to Remote Code Execution
✍️ #BugBounty —” Database hacked of India’s Popular Sports company”-Bypassing Host Header to SQL injection to dumping Database — An unusual case of SQL injection.
✍️ Searching for XSS found LDAP injection
✍️ Link injection on 2 Twitter Subdomain
✍️ Union Based Sql injection Write up ->A private Company Site
✍️ #BugBounty — Exploiting CRLF Injection can lands into a nice bounty
✍️ SQL injection with load file and into outfile
✍️ Facebook mailto injection leads to social engineering & spam attack
✍️ Reflected XSS + Possible Server Side Template Injection in HubSpot CMS ( All Websites Uses HubSpot was affected )
✍️ Reflected XSS via AngularJS Template Injection
✍️ Content Injection in DuoLingo’s TinyCards App for Android [CVE-2017-16905]
✍️ Don’t Trust the Host Header for Sending Password Reset Emails
✍️ CRLF injection in blockchain.info
✍️ Chain the vulnerabilities and take your report impact on the moon (CSRF to HTML INJECTION which results OPEN REDIRECT and could steal USER CREDENTIALS)
✍️ SQL injection in an UPDATE query - a bug bounty story!
✍️ Command Injection Without Spaces
✍️ Link Injection Manipulation at admin.google.com
✍️ [demo.paypal.com] Node.js code injection (RCE)
✍️ CSV Injection -> Meterpreter on Pornhub
✍️ Yahoo Login Protection Seal – Stored CSS Injection
✍️ Command injection which got me “6000$” from #Google
✍️ SQL Injection On MEGA.NZ
✍️ Yahoo – Root Access SQL Injection – tw.yahoo.com
✍️ Step-by-step: exploiting SQL injection(s) in Oculus’ website.
✍️ Tesla Motors blind SQL injection
✍️ PayPal Bug Bounty: PayPaltech.com E-Mail Injection
✍️ SQL injections in Nokia sites.
✍️ [VDP] How HTML injection in email got me my first swag! | by SpoopyHost
✍️ Error Based MSSQL Injection | Everything Vulns
✍️ [VDP] How I Found My First SQL Injection In NASA | by Kapeka
✍️ My First NoSQL Injection Bug | by Burhanu Rasheed
✍️ SQL Injection for Noobs | by Hacking articles
✍️ SQL Injection via hidden parameter | by Rutik Hajare
✍️ Directory Traversal, SQL Injection and Server-Side Request Forgery
✍️ Breaking Down Barriers: Exploiting Pre-Auth SQL Injection In WhatsUp Gold - CVE-2024-6670
✍️ Bypassing airport security via SQL injection
✍️ Microsoft Copilot: From Prompt Injection to Exfiltration of Personal Information
✍️ WPML Multilingual CMS Authenticated Contributor+ Remote Code Execution (RCE) via Twig Server-Side Template Injection (SSTI)
✍️ World of SELECT-only PostgreSQL Injections: (Ab)using the filesystem
✍️ Another 1500$: CR/LF Injection
✍️ Git-Syncing into Trouble: Exploring Command Injection Flaws in Kubernetes
✍️ No Database No Table, how do you do MSSQL Injection?
✍️ JNDI Injection Remote Code Execution via Path Manipulation in MemoryUserDatabaseFactory
✍️ Evernote RCE: From PDF.js font-injection to All-platform Electron exposed ipcRenderer with listened BrokerBridge Remote-Code Execution
✍️ Sorry, ChatGPT Is Under Maintenance: Persistent Denial of Service through Prompt Injection and Memory Attacks
✍️ The PDF Trojan Horse: Leveraging HTML Injection for SSRF and Internal Resource Access
✍️ When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI
✍️ MongoDB NoSQL Injection with Aggregation Pipelines
✍️ Discovering a CRLF Injection Vulnerability: My Journey into the MSRC Blog Website
✍️ GitHub Copilot Chat: From Prompt Injection to Data Exfiltration
✍️ Super Blind SQL Injection- $20000 bounty | Thousands of targets still vulnerable
✍️ Hacking Apple - SQL Injection to Remote Code Execution
✍️ Relative Path File Injection: The Next Evolution in RPO
✍️ Lethal Injection: How We Hacked Microsoft's Healthcare Chat Bot
✍️ Code Injection to RCE with .NET
✍️ CVE-2024-2448: Authenticated Command Injection In Progress Kemp LoadMaster
✍️ Google AI Studio Data Exfiltration via Prompt Injection - Possible Regression and Fix
✍️ 1500$: CR/LF Injection
✍️ CVE-2024-1212: Unauthenticated Command Injection In Progress Kemp LoadMaster
✍️ CRLF Injection Shenanigans
✍️ OpenOlat - XML external entity (XXE) injection (CVE-2024-28198)
✍️ CVE-2023-36049: Microsoft .NET CRLF Injection Arbitrary File Write/deletion Vulnerability
✍️ From CRLF Injection to XSS: Elevating the Stakes in Apple iTunes Security
✍️ Exploiting Kubernetes through Operator Injection
✍️ CVE-2023-5372 - Post-auth blind Python code injection vulnerabilities in Zyxel’s NAS326 and NAS542 devices
✍️ XML External Entity injection with error-based data exfiltration
✍️ Unleashing the power of CSS injection: The access key to an internal API
✍️ SQL Injection on PostgreSQL
✍️ A Straight 5-hour Escalation! Exploiting Boolean-Based SQL Injection.👽
✍️ CVE-2024–22720 / HTML Injection Vulnerability in Kanboard Group Management
✍️ How I Found SQL Injection worth of $4,000 bounty
✍️ Apache Lucene Injection on Auth0 Integration
✍️ npm search RCE? - Escape Sequence Injection
✍️ OS Command Injection in cPH2 Charging Station <2.0.0 (CVE-2023-46359 and CVE-2023-46360)
✍️ Argument injection vulnerability in multiple Atos Unify OpenScape products
✍️ CVE-2023-37927 & CVE-2023-37928 - Multiple post-auth blind OS command and Python code injection vulnerabilities in Zyxel’s NAS326 devices
✍️ CVE-2023-4473 & CVE-2023-4474 - Authentication bypass and multiple blind OS command injection vulnerabilities in Zyxel’s NAS326 devices
✍️ Hacking Google Bard - From Prompt Injection to Data Exfiltration
✍️ Blog Post: Bypassing an Admin Panel with SQL Injection
✍️ Behind the Query: Unearthing NTLM Hashes with SQL Injection
✍️ Uncovering a Command Injection, $2400 Bounty
✍️ [CVE-2023–38743] ManageEngine ADManager Command Injection
✍️ XPATH Injection - Exploiting Error-based SQL Injection
✍️ $1,250 worth of Host Header Injection
✍️ Can't Be Contained: Finding a Command Injection Vulnerability in Kubernetes
✍️ CVE-2023-35150: Arbitrary Code Injection In XWiki.Org XWiki
✍️ InfluxDB NoSQL Injection
✍️ My first Critical on hackerone with a $6,400 bounty — SQL Injection
✍️ CVE-2023-36934: Progress Software MOVEit Transfer SQL Injection Remote Code Execution Vulnerability
✍️ Blind SQL injection with a little WAF
✍️ Unexpected Zero in MySQL Injection
✍️ CVE-2023-36934 Analysis: MOVEit Transfer SQL Injection
✍️ How We Found Another GitHub Action Environment Injection Vulnerability in a Google Project
✍️ Server-side Template Injection Leading to RCE on Google VRP
✍️ SSO Gadgets II: Unauthenticated Client-Side Template Injection to Account Takeover using SSO Gadget Chain
✍️ Unleashing the Power of Recon: How I Earned $2500 in 5 Minutes
✍️ Taking Entire server control Part 2 of How I Earned $2500 in 5 Minutes | CVE-2017–5638 | OGNL injection | RCE
✍️ How I found a SQL Injection bug in using my cellphone.
✍️ My First Bug is RCE via SQL injection!
✍️ AWS WAF Clients Left Vulnerable to SQL Injection Due to Unorthodox MSSQL Design Choice
✍️ SQL Injection in The HTTP Custom Header
✍️ Reflected XSS Injection & Permanent Open Redirection
✍️ Jasper Reports Library Code Injection
✍️ Dynamic Linq Injection Remote Code Execution Vulnerability (CVE-2023-32571)
✍️ Blind OS Command Injection via Activation Request
✍️ Blind OS Command Injection via Activation Request
✍️ Stored Iframe Injection & Permanent Open Redirection - Zero Day
✍️ Escaping Parallels Desktop with Plist Injection
✍️ CSS Injection via PostMessages to stealing Credit Card Info
✍️ Cookie Bugs - Smuggling & Injection
✍️ Automating SQL Injection On Encrypted Request
✍️ Azure Devops CICD Pipelines - Command Injection With Parameters, Variables And A Discussion On Runner Hijacking
✍️ How I Chained an Information Disclosure Bug with SQL Injection
✍️ Git Arbitrary Configuration Injection (CVE-2023-29007)
✍️ Popping Tags: Exploiting Template Injections in PRTG Network Monitor
✍️ (CVE-2023-2017) Shopware 6 Server-side Template Injection (SSTI) via Twig Security Extension
✍️ From payload to 300$ bounty: A story of CRLF injection and responsible disclosure on HackerOne
✍️ CVE-2023-1877 / RCE with Server-Side Template Injection in Microweber
✍️ Exploiting Hibernate Injection in "Order by" Clause (Oracle database)
✍️ Dynamic Linking Injection and LOLBAS Fun
✍️ IP spoofing and SQL injection in Textcube
✍️ Backend Parameter Injection --> RCE
✍️ The story of how I was able to chain SSRF with Command Injection Vulnerability
✍️ I Earned $3500 and 40 Points for A GraphQL Blind SQL Injection Vulnerability.
✍️ How I got Owned A Multi-Billion Dollar Retailer’s MySQL Databases Using Simple SQL Injection
✍️ CS-Cart PDF Plugin Unauthenticated Command Injection
✍️ Abusing Hop-by-Hop Header to Chain A CRLF Injection Vulnerability
✍️ [Tips & Tricks] Exfiltrating User's Data Through CSV Injection
✍️ The Tale of a Command Injection by Changing the Logo
✍️ Exploiting an HTML injection with dangling markup
✍️ Bypassing Akamai’s Web Application Firewall Using an Injected Content-Encoding Header
✍️ SQL Injection: Utilizing XML Functions in Oracle and PostgreSQL to bypass WAFs
✍️ Blind Time-based SQL injection vulnerability in an Indian government website
✍️ Code Injection via Python Sandbox Escape — how I got a shell inside a network.
✍️ Memcached Command Injections at Pylibmc
✍️ Host Header Injection to Complete Organization takeover
✍️ Bypassing Cloudflare WAF: XSS via SQL Injection
✍️ SSH key injection in Google Cloud Compute Engine [Google VRP]
✍️ CVE-2022-38627: A journey through SQLite Injection to compromise the whole enterprise building
✍️ Exploring the World of ESI Injection
✍️ CRLF Injection — xxx$ — How was it possible for me to earn a bounty with the Cloudflare WAF?
✍️ Puckungfu: A NETGEAR WAN Command Injection
✍️ Multiple authenticated blind SQL Injections in Sage XRT Business Exchange application
✍️ Param Hunting to Injections
✍️ Doing it the researcher’s way: How I Managed to Get SSTI (Server Side Template Injection) which lead to arbitrary file reading on One of the Leading Payment Systems in Asia
✍️ Exploiting an SQL injection with WAF bypass
✍️ A03:2021 — [Injection] SQL Injection through internal directory disclose
✍️ The most underrated injection of all time — CYPHER INJECTION. How I found and exploited it ?
✍️ Command Injection in Asus M25 NAS
✍️ From Zero to Hero Part 2: From SQL Injection to RCE on Intel DCM (CVE-2022-21225)
✍️ Exploiting an N-day vBulletin PHP Object Injection Vulnerability
✍️ CVE-2022-40300: SQL Injection In Manageengine Privileged Access Management
✍️ Varonis Threat Labs Discovers SQLi and Access Flaws in Zendesk
✍️ SSD Advisory – Cisco Secure Manager Appliance remediation_request_utils SQL Injection Remote Code Execution
✍️ Sleep SQL injection on Name Parameter While Updating Profile
✍️ Blind SQL Injection on Delete Request
✍️ A 250$ CSS Injection — My First Finding on Hackerone!
✍️ CVE-2022-3236: Sophos Firewall User Portal and Web Admin Code Injection
✍️ Story about Escalation of HTML Injection to EC2 Instance credentials leak
✍️ Code Injection and SQLi in WP ALL Export Pro
✍️ SQL Injection in GraphQL
✍️ CVE-2022–36635 — A SQL Injection in ZKSecurityBio to RCE
✍️ Error based SQL Injection with WAF bypass manual Exploit 100%
✍️ Stored XSS in Nvidia via Angular JS template injection
✍️ Making HTTP header injection critical via response queue poisoning
✍️ How I Found Multiple SQL Injections in 5 Minutes in Bug Bounty
✍️ TypeORM Prototype Pollution Leading To SQL Injection (CVE-2022-36531)
✍️ Parameters in Lambda Functions that lead to XSS and Injection
✍️ Blind XSS and Time-Based SQL Injection to Admin Panel Control and Database Takeover
✍️ How can i get SQL Injection
✍️ Google & Apache Found Vulnerable to GitHub Environment Injection
✍️ AngularJS Client-Side Template Injection: The orderBy Filter.
✍️ Found SQL Injection Vulnerability on Government Organization Website!
✍️ Command Injection in the GitHub Pages Build Pipeline
✍️ Securing Developer Tools: Argument Injection in Visual Studio Code
✍️ Blind command injection
✍️ XSS via Angular Template Injection
✍️ UN United Nations Host Header Injection leads to any Full Account Takeover (ATO)
✍️ Exploiting CVE-2022-24816: A Code Injection In The Jt-jiffle Extension Of Geoserver
✍️ Process injection: breaking all macOS security layers with a single vulnerability
✍️ Google Cloud Shell - Command Injection
✍️ Advisory: Cisco Small Business RV Series Routers Web Filter Database Update Command Injection Vulnerability
✍️ QNAP Poisoned XML Command Injection (Silently Patched)
✍️ (ZOHO) Manage Engine Desktop Central – SQL Injection / Arbitrary File Write
✍️ How I Earned €150 in 2 Minutes | HTML injection in email
✍️ WordPress Transposh: Exploiting a Blind SQL Injection via XSS - RCE Security
✍️ Subdomain takeover and Text injection on a 404 error page-$100 bounty
✍️ Leveraging the SQL Injection to Execute the XSS by Evading CSP
✍️ Bug Bounty Collaboration and Manual Exploitation of an Interesting Boolean SQL Injection
✍️ Exploiting SQL Injection at Authorization token
✍️ Alternative link
✍️ Advisory | GLPI Service Management Software Multiple Vulnerabilities and Remote Code Execution
✍️ stored XSS and stored HTML Injection in United Nations Website
✍️ HTML and Hyperlink Injection via Share Option In Microsoft Onenote Application
✍️ Hyperlink Injection On IRC Cloud
✍️ Zimbra Email - Stealing Clear-Text Credentials via Memcache injection
✍️ An unusual way to find XSS injection in one minute
✍️ SQL injection to Remote Command Execution (RCE)
✍️ A Simple SQL Injection in an Air Force Website
✍️ The Underrated Bugs, Clickjacking, CSS Injection, Drag-Drop XSS, Cookie Bomb, Login+Logout CSRF…
✍️ EJS, Server side template injection RCE (CVE-2022-29078) - writeup
✍️ SQL Injection in Harvard’s Subdomain
✍️ XSS | HTML Injection and File Upload Bypass in HUAWEI Subdomain
✍️ How a YouTube Video lead to pwning a web application via SQL Injection worth $4324 bounty
✍️ CVE-2021-38159: MOVEit Transfer SQL Injection Analysis
✍️ NoSQL Injection in Plain Sight
✍️ Alternative link
✍️ Finding bugs to trigger Unauthenticated Command Injection in a NETGEAR router (PSV-2022–0044)
✍️ iTop – Template Injection inside customer Portal
✍️ My First Blind SQL Injection
✍️ SQL Injection at Spotify
✍️ Finding an unseen SQL Injection by bypassing escape functions in mysqljs/mysql
✍️ What an injection into jQuery-selector can lead to
✍️ CVE-2022-0478 - WooCommerce Event-Manager Plugin SQL Injection
✍️ BigQuery SQL Injection Cheat Sheet
✍️ WordPress < 5.8.3 - Object Injection Vulnerability
✍️ SQL Injection, Reflected XSS and Information Disclosure in one subdomain in just 10 minutes
✍️ Command Injection in Google Cloud Shell
✍️ CVE-2022-21661: Exposing Database Info Via Wordpress SQL Injection
✍️ Moodle: Blind SQL Injection (CVE-2021-36393) and Broken Access Control (CVE-2021-36397)
✍️ Host Header Injection Lead To Account Takeovers
✍️ SQL Injection - The File Upload Playground
✍️ Microsoft Azure Portal – CSV Injection
✍️ Microsoft Teams – CSV Injection
✍️ HTTP Header Injection In Citrix ADC And Citrix Gateway (CVE-2020-8300, CVE-2021-22927)
✍️ Moodle Blind SQL injection via MNet authentication
✍️ How I Found multiple SQL Injection with FFUF and Sqlmap in a few minutes
✍️ How I found Command Injection via Obsolete PHPThumb
✍️ How i Got 3 SQL injection in just 10 minutes.
✍️ A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection
✍️ How I Escalated a Time-Based SQL Injection to RCE
✍️ A short story of Content Spoofing to HTML Injection in Apple using Dangling Markup Injection
✍️ Improper Spring @Query Usage Allows N1QL Injection
✍️ PowerShell script, Unicode quotes and ウィンドウズ - a story of uncommon command injection
✍️ RCE By Code Injection | Perl Reverse Shell
✍️ SQL injection in harvard subdomain
✍️ SQL injection in harvard subdomain
✍️ CVE-2021-39165: A Bug Bounty Journey from a Laravel SQL Injection Vulnerability
✍️ SSRF External Service Interaction for Find Real IP CloudFlare and Leads to SQL Injection
✍️ Simple HTML Injection to $250
✍️ Taking Over Employee Accounts by Managers with Zero Employee Interaction
✍️ Pre-Auth RCE in Moodle Part I - PHP Object Injection in Shibboleth
✍️ Escalating Self-XSS To Stored XSS via Image injection + IDOR
✍️ How I found Blind SQL Injection just by browsing and getting a unique URL
✍️ HTML Injection and a dream in Google Chrome for Linux (Write Up)
✍️ Blind Command Injection - It hurts
✍️ CVE-2021-29084: Exploiting CRLF Header Injection in Synology NAS for Unauthenticated File Downloads
✍️ Account Takeover via iFrame Injection
✍️ Time-Based SQL Injection to Dumping the Database
✍️ DOS & Stored HTML Injection Bug Bounty Writeup
✍️ NoSQL Injections in Rocket.Chat 3.12.1: How A Small Leak Grounds A Rocket
✍️ MSSQL Injection In JSON Request
✍️ How I Found Sql Injection on intensedebate.com (h1) in 5 minute $350
✍️ Discoure themes OS Command Injection
✍️ Fun sql injection — mod_security bypass
✍️ An unknown Linux secret that turned SSRF to OS Command injection
✍️ How I Found Sql Injection on 8x8 , Cengage,Comodo,Automattic,20 company
✍️ Leveraging Template injection to takeover an account.
✍️ Content Injection (RCE) in Yandex Browser for Android [2018]
✍️ Admin Panel Accessed Via SQL Injection… (Ezy Boooom…😅)
✍️ Redwood Report2Web XSS and Frame injection
✍️ Analysing Crash Messages To Achieve Blind Root Command Injection
✍️ OTP Bypass Account Takeover to Admin Panel — Ft. Header Injection
✍️ How I earned $800 for Host Header Injection Vulnerability
✍️ Multiple Host Header Attacks after bypassing protection with… a Header Attack
✍️ HTML Injection to XSS bypass in [REDACTED.com]
✍️ CRLF injection allow => cookie injection in root domain & xss
✍️ SQL Injection in private-site.com/login.php
✍️ Not a fancy bug, just HTML Injection in Clause - clause.io (Write Up)
✍️ ESI Injection Part 2: Abusing specific implementations
✍️ X Forwarded for SQL injection
✍️ Unauthenticated RSFTP to Command Injection
✍️ SQL Injection Vulnerability In University Of Cambridge
✍️ Unauthenticated Command Injection Vulnerability in VMware NSX SD-WAN by VeloCloud
✍️ Link injection on 2 Twitter Subdomain
✍️ Beyond XSS: Edge Side Include Injection
✍️ Reflected XSS + Possible Server Side Template Injection in HubSpot CMS ( All Websites Uses HubSpot was affected )
✍️ Facebook chat / dashboard content injection
✍️ SQL Injection in rog.asus.com
✍️ Practical Exploitation of Error Based Sql Injection
✍️ SQL injection in an UPDATE query - a bug bounty story!
✍️ Type Juggling and PHP Object Injection, and SQLi, Oh My!
✍️ [demo.paypal.com] Node.js code injection (RCE)
✍️ XSS without HTML: Client-Side Template Injection with AngularJS

Frequently Asked Questions

The following are frequently asked questions about common vulnerabilities and security misconfigurations found during bug bounty hunting. Understanding these concepts is crucial for anyone starting their bug hunting journey.

What is an XSS vulnerability? Cross-Site Scripting (XSS) attacks are a type of injection attack in which malicious scripts are inserted into otherwise trustworthy and innocuous websites. XSS attacks occur when an attacker uses a web application to send malicious code to a particular end user, usually in the form of a browser side script. The flaws that enable these attacks to succeed are common and can be found wherever a web application uses input from a user within the output it generates without validating or encoding it.

There are mainly 3 types of XSS:

What is an IDOR vulnerability? When a web application or API exposes a reference to an internal implementation object, it is referred to as Insecure Direct Object Reference (IDOR). This method exposes the element's true identifier and the data format it uses. This is a common access control flaw.

An example would be an API that gives you access to data belonging to other users, through an endpoint - /api/users/:id where an attacker can fetch data of any user by manipulating the id parameter.
What is an SSRF vulnerability? In a Server-Side Request Forgery (SSRF) attack, the attacker can read or update internal resources by abusing server features. The attacker may supply or change a URL to which the server's code can read or send data, and by carefully choosing the URLs, the attacker might be able to read server configuration such as AWS metadata, connect to an internal service, or access sensitive files.
What is a SQLi vulnerability? A SQL injection attack involves inserting or "injecting" a SQL query into the application through the client's input data. An effective SQL injection exploit can read sensitive data from the database, alter database data (Insert/Update/Delete), and even perform database administration operations.
What is an RCE vulnerability? If user input is inserted into a File or a String and then executed (evaluated) by the backend programming language's parser, a remote code execution (RCE) vulnerability can be exploited. A Remote Code Evaluation will result in the entire web application and web server being compromised as it allows an attacker to execute arbitrary commands on the server.
How can I reach you? If you have any feedback or, concerns about this site, I can be reached on Twitter.