$5000 Bounty Time-Based SQL Injection Manual Exploitation | Bug Bounty POC | delays & Info retrieval

  10,870 views

Abhishek Morla


9 months ago

Disclaimer: The video content has been made available for informational and educational purposes only.
------------------------------------------------------------------------
1;(SELECT+SLEEP(5))--
1;(SELECT IF(MID(VERSION(),1,1) = '5', SLEEP(15), 0))-- will cause no delay
1;(SELECT IF(MID(VERSION(),1,1) = '8', SLEEP(15), 0))-- will cause delay
This query performs a time-based SQL injection to determine whether the version of the MySQL database starts with the digit '8'.
1;: The initial "1" appears to be part of the original query and is followed by a semicolon, which terminates the legitimate SQL statement that precedes it.
(SELECT IF(MID(VERSION(),1,1) = '8', SLEEP(15), 0)): This subquery contains a conditional built with the "IF" function. It checks whether the first character of the database version (obtained using the "VERSION()" function) is equal to '8'. If it is, the subquery executes "SLEEP(15)", causing a delay of 15 seconds. Otherwise, it returns 0.
MID(VERSION(),1,1): The "MID" function extracts a substring from the "VERSION()" output. Here, it retrieves the first character (at position 1) of the database version string.
= '8': This comparison checks whether the first character of the version is equal to '8'.
IF(..., SLEEP(15), 0): The "IF" function evaluates the condition. If the condition is true (i.e., the version starts with '8'), it executes "SLEEP(15)" to cause a 15-second delay. If the condition is false, it returns 0.
--: The double hyphens (--) mark the beginning of a comment in SQL, so the remainder of the original query is ignored.
------------------------------------------------------------------------
Twitter: / abhishekmorla
Website: abhishekmorla.netlify.app/
Linkedin: / abhishekmorla
------------------------------------------------------------------------
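Defensive counterpart to the payloads in the description, added here as an example (not code from the video or from the affected software): the strict integer check that keeps such values out of the query is reused over access-log lines to flag requests where the per_page parameter mentioned in the comments carried anything other than a plain number. The /example/list path, the log layout, the size bound and the 5-second threshold are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, unquote_plus

MAX_PER_PAGE = 100   # assumed upper bound for a page size
SLOW_SECONDS = 5.0   # shortest SLEEP() used in the description

def parse_per_page(raw, default=20):
    """Return a bounded int; raise ValueError unless raw is 1-3 ASCII digits."""
    if raw is None:
        return default
    if not re.fullmatch(r"[0-9]{1,3}", raw):
        raise ValueError("per_page must be a small non-negative integer")
    # The caller passes this int to the driver as a bound parameter,
    # never by concatenating the raw request value into SQL text.
    return max(1, min(int(raw), MAX_PER_PAGE))

def query_param(url, name):
    """Decode one query parameter, splitting pairs on '&' only."""
    for pair in urlsplit(url).query.split("&"):
        key, _, value = pair.partition("=")
        if key == name:
            return unquote_plus(value)
    return None

# Constructed log lines: method, URL, status, request time in seconds.
SAMPLE_LOG = """\
GET /example/list?per_page=20 200 0.041
GET /example/list?per_page=1;(SELECT+SLEEP(5))-- 200 5.043
GET /example/list?per_page=1;(SELECT%20IF(MID(VERSION(),1,1)%20=%20'5',%20SLEEP(15),%200))-- 200 0.039
GET /example/list?per_page=1;(SELECT%20IF(MID(VERSION(),1,1)%20=%20'8',%20SLEEP(15),%200))-- 200 15.047
GET /example/list?per_page=50 200 6.200
"""

def flag_requests(log_text, name="per_page"):
    """Return (line_no, decoded_value, delayed) for every rejected value."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        _method, url, _status, seconds = line.split()
        value = query_param(url, name)
        try:
            parse_per_page(value)
        except ValueError:
            findings.append((line_no, value, float(seconds) >= SLOW_SECONDS))
    return findings

if __name__ == "__main__":
    for finding in flag_requests(SAMPLE_LOG):
        print(finding)
```

The slow request with a valid value (last line) is not flagged: latency alone is weak evidence, while a non-numeric value in a numeric parameter is worth an alert even when the response was fast.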

Comments: 22
@faique2995 9 months ago
Congrats bro🎉 I think this is widely used software. Did you get a CVE?
@adhurealfaz9582 9 months ago
Really amazing, bro... Bro, can you tell me a method for exploiting blind SQLi that reliably works? And one more thing: on a website a PHP file is getting uploaded, and in Burp Suite I can also see its path, so can you tell me how to proceed from here, bro?
@SoloLearning-bi3os 7 months ago
It's really very cool! I want to reach your level someday. How many years have you been doing this?
@abhishekmorla1 7 months ago
Since COVID
@user3549 5 months ago
same bro
@CCCamClip 9 months ago
🎉🎉🎉
@neerajsihag 9 months ago
Noice
@nadakuditigopikrishna6587 7 months ago
The process seems simple, but in real time I am not getting any SQL errors in pages.
@abhishekmorla1 7 months ago
Have you gone through JS analysis?
@easydosh73 7 months ago
@abhishekmorla1 Can you give some enlightenment on how to do JS analysis, please?
@doshamitv5020 8 months ago
How did you find the &perpage parameter?
@abhishekmorla1 8 months ago
By source code
@doshamitv5020 8 months ago
Nice, please can you tell me how I can bypass the limitation from WordPress login? They asked me to complete captcha numbers. Is there a way you are familiar with? @abhishekmorla1
@ghulamyaseen538 6 months ago
What's your methodology that we can follow?
@abhishekmorla1 5 months ago
Create your own, don't follow
@user-jc8xg9vd3t 6 months ago
How did you find the per_page= value?
@abhishekmorla1 6 months ago
Source code
@scriptkiddie999 6 months ago
I had the exact same question!!
@miteshvalvi1170 3 months ago
@abhishekmorla1 Is it any redirect value or variable per_page=..
@user-gv3jj2we9o 8 months ago
How cheap
@Rubalix 5 months ago
This looks fake as hell.
@abhishekmorla1 5 months ago
Okay