Blind SQL injection on id.indrive.com
A blind SQL injection was found on id.indrive.com that allowed an attacker to retrieve information from the database by using conditional responses.
| Url | Type | Bounty |
|---|---|---|
| https://hackerone.com/reports/2051931 | Blind SQL Injection | $4,134 |
Super Blind SQL Injection
| Url | Type | Bounty |
|---|---|---|
| https://hackerone.com/reports/2051931 | Blind SQL Injection | $20,000 |
Super Blind SQL Injection
Today, I'm explaining the exploitation of the error-based SQL injection via XPATH injection. This vulnerability was discovered during a private pen-test engagement.
| Url | Type | Bounty |
|---|---|---|
| https://sklnhunt.github.io/posts/xpathinjectionerrorbased/ | Error Based SQL Injection | - |