Browsed by
Category: #BugBounty

Exploiting Time-Based Blind SQL Injection With SQLMap

Exploiting Time-Based Blind SQL Injection With SQLMap

In this post, I will share details about a time-based blind SQL injection vulnerability I found on a private bug bounty program through HackerOne. This was also my first bug bounty on the platform. From this post by Acunetix, SQL Injection vulnerabilities can be classified into three major categories:- In-band SQL Injection, Inferential SQL Injection and Out-of-band SQL Injection. Types of SQL Injections In-band SQL injections allow the attacker to use the same communication channel to both launch the attack…

Read More Read More

Account Takeover Through Host Header Injection

Account Takeover Through Host Header Injection

In this post, I will explain what are host header injection attacks and how I found one in a private bug bounty program that led to full user account take over. The Anatomy of a HTTP Request Before we define what is a host host header injection attack, we need to first delve into the anatomy of a HTTP request. A HTTP request is generally divided into 3 parts, that include a request line, set of header fields and a…

Read More Read More