Top SQLI reports from HackerOne:
- SQL Injection Extracts Starbucks Enterprise Accounting, Financial, Payroll Database to Starbucks - 757 upvotes, $0
- SQL injection in https://labs.data.gov/dashboard/datagov/csv_to_json via User-agent to GSA Bounty - 679 upvotes, $0
- Time-Based SQL injection at city-mobil.ru to Mail.ru - 631 upvotes, $15000
- SQL injection at https://sea-web.gold.razer.com/ajax-get-status.php via txid parameter to Razer - 580 upvotes, $2000
- SQL Injection in https://api-my.pay.razer.com/inviteFriend/getInviteHistoryLog to Razer - 528 upvotes, $2000
- SQL injection on contactws.contact-sys.com in TScenObject action ScenObjects leads to remote code execution to QIWI - 473 upvotes, $0
- Blind SQL Injection to InnoGames - 432 upvotes, $2000
- SQL injection at fleet.city-mobil.ru to Mail.ru - 372 upvotes, $10000
- SQL Injection in report_xml.php through countryFilter[] parameter to Valve - 365 upvotes, $25000
- [windows10.hi-tech.mail.ru] Blind SQL Injection to Mail.ru - 330 upvotes, $5000
- SQL Injection on cookie parameter to MTN Group - 308 upvotes, $0
- [www.zomato.com] SQLi - /php/██████████ - item_id to Zomato - 305 upvotes, $4500
- SQL Injection at https://sea-web.gold.razer.com/lab/cash-card-incomplete-translog-resend via period-hour Parameter to Razer - 240 upvotes, $2000
- [api.easy2pay.co] SQL Injection at fortumo via TransID parameter [Bypassing Signature Validation🔥] to Razer - 232 upvotes, $4000
- Boolean-based SQL Injection on relap.io to Mail.ru - 227 upvotes, $0
- SQL Injection in agent-manager to Acronis - 225 upvotes, $0
- Blind SQL Injection in city-mobil.ru domain to Mail.ru - 224 upvotes, $2000
- Blind SQLi leading to RCE, from Unauthenticated access to a test API Webservice to Starbucks - 219 upvotes, $0
- SQL Injection in www.hyperpure.com to Zomato - 214 upvotes, $2000
- Blind SQL injection and making any profile comments from any users to disappear using "like" function (2 in 1 issues) to Pornhub - 211 upvotes, $0
- Blind SQL Injection on starbucks.com.gt and WAF Bypass :* to Starbucks - 203 upvotes, $0
- Remote Code Execution on contactws.contact-sys.com via SQL injection in TCertObject operation "Delete" to QIWI - 194 upvotes, $0
- SQLi at https://sea-web.gold.razer.com/demo-th/purchase-result.php via orderid Parameter to Razer - 183 upvotes, $2000
- www.drivegrab.com SQL injection to Grab - 181 upvotes, $4500
- Blind SQL injection in Hall of Fap to Pornhub - 179 upvotes, $0
- Sql injection on docs.atavist.com to Automattic - 160 upvotes, $0
- SQL Injection [unauthenticated] with direct output at https://news.mail.ru/ to Mail.ru - 156 upvotes, $7500
- bypass sql injection #1109311 to Acronis - 153 upvotes, $0
- SQL injection in GraphQL endpoint through embedded_submission_form_uuid parameter to HackerOne - 150 upvotes, $0
- Blind SQL injection on id.indrive.com to inDrive - 142 upvotes, $4134
- SQL Injection Union Based to Automattic - 126 upvotes, $0
- SQL injection in Razer Gold List Admin at /lists/index.php via the `list[]` parameter. to Razer - 122 upvotes, $2000
- [intensedebate.com] SQL Injection Time Based On /js/commentAction/ to Automattic - 121 upvotes, $0
- SQL Injection at api.easy2pay.co/add-on/get-sig.php via partner_id Parameter to Razer - 119 upvotes, $2000
- SQL injection on contactws.contact-sys.com in TRateObject.AddForOffice in USER_ID parameter leads to remote code execution to QIWI - 118 upvotes, $0
- SQL Injection at https://files.palantir.com/ due to CVE-2021-38159 to Palantir Public - 114 upvotes, $0
- SQL Injection + Insecure Deserialization leads to Remote Code Execution on https://krisp.ai to Krisp - 112 upvotes, $0
- SQL injection on admin.acronis.host development web service to Acronis - 108 upvotes, $0
- SQL injection in https://www.acronis.cz/ via the log parameter to Acronis - 96 upvotes, $0
- turboslim.lady.mail.ru - Blind sql-injection. to Mail.ru - 93 upvotes, $5000
- SQL Injection intensedebate.com to Automattic - 89 upvotes, $0
- SQL injection on jd.mail.ru to Mail.ru - 87 upvotes, $300
- 3igames.mail.ru SQL Injection to Mail.ru - 86 upvotes, $1500
- Remote Code Execution on contactws.contact-sys.com via SQL injection in TAktifBankObject.GetOrder in parameter DOC_ID to QIWI - 84 upvotes, $0
- SQL Injection on sctrack.email.uber.com.cn to Uber - 83 upvotes, $4000
- Blind SQL Injection at http://easytopup.in.th/es-services/mps.php via serial_no parameter to Razer - 80 upvotes, $1000
- SQL Injection on www.██████████ on countID parameter to U.S. Dept Of Defense - 79 upvotes, $0
- SQL Injection in CVE Discovery Search to HackerOne - 79 upvotes, $0
- [Found Origin IP's Lead To Access To Grafana Instance , PgHero Instance [ Can SQL Injection ] to Omise - 78 upvotes, $0
- SQL injection delivery-club.ru (ClickHouse) to Mail.ru - 76 upvotes, $5000
- Time based SQL injection at████████ to U.S. Dept Of Defense - 75 upvotes, $0
- Arbitrary SQL command injection to Nextcloud - 74 upvotes, $0
- SQL Injection on https://www.olx.co.id to OLX - 74 upvotes, $0
- [intensedebate.com] SQL Injection Time Based on /changeReplaceOpt.php to Automattic - 72 upvotes, $0
- SQL injection at https://sea-web.gold.razer.com/demo-th/goto-e2p-web-api.php via Multiple Parameters to Razer - 71 upvotes, $2000
- RCE, SQLi, IDOR, Auth Bypass and XSS at [staff.███.edu.eg ] to ██████ - 71 upvotes, $0
- SQL Injection in ████ to U.S. Dept Of Defense - 71 upvotes, $0
- SQL Injection at https://████ via ███ parameter to Sony - 70 upvotes, $0
- Blind SQL Injection(Time Based Payload) in https://www.easytopup.in.th/store/game/digimon-master via CheckuserForm[user_id] to Razer - 68 upvotes, $1000
- [https://reviews.zomato.com] Time Based SQL Injection to Zomato - 67 upvotes, $1000
- Blind SQL injection at tsftp.informatica.com to Informatica - 66 upvotes, $0
- SQL Injection on prod.oidc-proxy.prod.webservices.mozgcp.net via invite_code parameter - Mozilla social inscription to Mozilla - 64 upvotes, $0
- SQL Injection at https://lite.r-keeper.ru/site_api/clients/derision/?lang=ru to Mail.ru - 62 upvotes, $1500
- [www.zomato.com] Blind SQL Injection in /php/geto2banner to Zomato - 60 upvotes, $2000
- [www.zomato.com] SQLi on `order_id` parameter to Zomato - 60 upvotes, $1000
- Blind SQL injection in third-party software, that allows to reveal user statistic from rocket.chat and possibly hack into the rocketchat.agilecrm.com to Rocket.Chat - 60 upvotes, $0
- [www.zomato.com] Union SQLi + Waf Bypass to Zomato - 58 upvotes, $1000
- Time-base SQL Injection in Search Users to Concrete CMS - 58 upvotes, $0
- SQL injection in 3rd party software Anomali to Uber - 57 upvotes, $2500
- Unauthenticated SQL Injection at █████████ [HtUS] to U.S. Dept Of Defense - 55 upvotes, $0
- Time Based SQL Injection to U.S. Department of State - 55 upvotes, $0
- SQL injection at ███████ to Sony - 53 upvotes, $0
- Blind SQL Injection on news.mail.ru to Mail.ru - 52 upvotes, $3000
- SQL Injection https://www.olx.co.id to OLX - 52 upvotes, $0
- Remote Code Execution on contactws.contact-sys.com via SQL injection in TPrabhuObject.BeginOrder in parameter DOC_ID to QIWI - 52 upvotes, $0
- A SQL injection vulnerability in Vanilla to Vanilla - 51 upvotes, $600
- SQL Injection /webApp/oma_conf ctx parameter (viestinta.lahitapiola.fi) to LocalTapiola - 50 upvotes, $1350
- [contact-sys.com] SQL Injection████ limit param to QIWI - 50 upvotes, $0
- SQL Injection in IBM access control panel & Broken access in admin panel to IBM - 49 upvotes, $0
- [www.zomato.com] Blind SQL Injection in /php/widgets_handler.php to Zomato - 46 upvotes, $2000
- SQL Injection in ████ to U.S. Dept Of Defense - 46 upvotes, $0
- Vanilla SQL Injection Vulnerability to Vanilla - 45 upvotes, $600
- SQL Injection vulnerability located at ████████ to U.S. Dept Of Defense - 44 upvotes, $0
- [city-mobil.ru/taxiserv/] SQLi at /taxiserv/tariffs/dictionary at filter{"id_locality"} param to Mail.ru - 44 upvotes, $0
- Multiple SQL Injections and constrained LFI in esk-static.3igames.mail.ru to Mail.ru - 41 upvotes, $1500
- SQLI on uberpartner.eu leads to exposure of sensitive user data of Uber partners to Uber - 41 upvotes, $1500
- SQL Injection on /webApp/omatalousuk (viestinta.lahitapiola.fi) to LocalTapiola - 41 upvotes, $0
- [www.zomato.com] Boolean SQLi - /█████.php to Zomato - 40 upvotes, $1000
- Type Juggling -> PHP Object Injection -> SQL Injection Chain to ExpressionEngine - 39 upvotes, $0
- SQL injection in MilestoneFinder order method to GitLab - 38 upvotes, $2000
- SQL injection in Wordpress Plugin Huge IT Video Gallery at https://drive.uber.com/frmarketplace/ to Uber - 37 upvotes, $3000
- Blind SQL Injection to MTN Group - 37 upvotes, $0
- SQL Injection in sijoitustalous_peruutus (viestinta.lahitapiola.fi) to LocalTapiola - 36 upvotes, $0
- [www.zomato.com] Boolean SQLi - /███████.php to Zomato - 35 upvotes, $1000
- sql injection via https://setup.p2p.ihost.com/ to IBM - 35 upvotes, $0
- Blind Sql Injection https:/████████ to U.S. Dept Of Defense - 35 upvotes, $0
- SQL Injection at https://lite.r-keeper.ru/site_api/localize/translate/rklscommon/ru to Mail.ru - 34 upvotes, $1500
- Blind SQL injection [https://honor.hi-tech.mail.ru] to Mail.ru - 33 upvotes, $300
- Time-based Blind SQLi on news.starbucks.com to Starbucks - 33 upvotes, $0
- sqli to Ubiquiti Inc. - 33 upvotes, $0
- [lk.contact-sys.com] SQL Injection reset_password FP_LK_USER_LOGIN to QIWI - 32 upvotes, $0
- SQL injection in URL path processing on www.ibm.com to IBM - 31 upvotes, $0
- Blind SQL injection on [city-mobil.ru/taxiserv/] in filter{"id_locality"} to Mail.ru - 30 upvotes, $3500
- Time Based SQL-inject in post-parametr login[username] [domain - youporn.com] to Pornhub - 30 upvotes, $2500
- SQL Injection found in NextCloud Android App Content Provider to Nextcloud - 30 upvotes, $150
- Sql-inj in https://maximum.com/ajax/people to Radancy - 30 upvotes, $0
- allods.mail.ru sql injection to Mail.ru - 29 upvotes, $0
- SQL injection my method -1 OR 321=6 AND 000159=000159 to U.S. Dept Of Defense - 29 upvotes, $0
- SQL injection to U.S. Dept Of Defense - 28 upvotes, $0
- SQL Injection on the administrator panel to MTN Group - 28 upvotes, $0
- SQL Injection on `/cs/Satellite` path to LocalTapiola - 27 upvotes, $0
- SQLI on desafio5estrelas.com to Uber - 26 upvotes, $2500
- [ipm.informatica.com] Sql injection Oracle to Informatica - 26 upvotes, $0
- SQL Injection /webApp/cancel_iltakoulu regId parameter (viestinta.lahitapiola.fi) to LocalTapiola - 26 upvotes, $0
- SQL injection in partner id field on https://www.teavana.com (Sign-up form) to Starbucks - 26 upvotes, $0
- SQL injection at [https://█████████] [HtUS] to U.S. Dept Of Defense - 26 upvotes, $0
- SQL Injection at https://████████.asp (█████████) [selMajcom] [HtUS] to U.S. Dept Of Defense - 26 upvotes, $0
- Ability to escape database transaction through SQL injection, leading to arbitrary code execution to HackerOne - 25 upvotes, $0
- SQL Injection in the `move_papers.php` on the https://██████████ to U.S. Dept Of Defense - 24 upvotes, $0
- SQL Injection on https://soa-accp.glbx.tva.gov/ via "/api/" path - VI-21-015 to Tennessee Valley Authority - 24 upvotes, $0
- Blind User-Agent SQL Injection to Blind Remote OS Command Execution at █████████ to Sony - 23 upvotes, $0
- SQL Injection through /include/findusers.php to ImpressCMS - 23 upvotes, $0
- SQL injection on ██████████ via 'where' parameter to U.S. Dept Of Defense - 23 upvotes, $0
- gmmovinparts.com SQLi via forgot_password.jsp to General Motors - 22 upvotes, $0
- SQL injection on the https://████/ to U.S. Dept Of Defense - 22 upvotes, $0
- [critical] sql injection by GET method to Khan Academy - 21 upvotes, $0
- SQL Injection, exploitable in boolean mode to Zomato - 20 upvotes, $0
- Blind Based SQL Injection in 3d.sc.money to CS Money - 20 upvotes, $0
- SQL Injection on [█████████] to Sony - 20 upvotes, $0
- SQL Injection in lapsuudenturva (viestinta.lahitapiola.fi) to LocalTapiola - 19 upvotes, $1350
- SQLi allow query restriction bypass on exposed FileContentProvider to Nextcloud - 19 upvotes, $100
- SQL Injection at /displayPDF.php (printshop.engelvoelkers.com) to Engel & Völkers Technology GmbH - 19 upvotes, $0
- SQL Injection in parameter REPORT to Tor - 19 upvotes, $0
- Blind SQL Injection on █████ via URI Path to Mars - 19 upvotes, $0
- SQL Injection on /webApp/sijoitustalousuk email-parameter + potential lack of CSRF Token (viestinta.lahitapiola.fi) to LocalTapiola - 18 upvotes, $1350
- Blind SQL iNJECTION to U.S. Dept Of Defense - 18 upvotes, $0
- time based SQL injection at [https://███] [HtUS] to U.S. Dept Of Defense - 18 upvotes, $0
- SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 17 upvotes, $0
- WordPress DB Class, bad implementation of prepare method guides to sqli and information disclosure to WordPress - 17 upvotes, $0
- Pre-Auth Blind NoSQL Injection leading to Remote Code Execution to Rocket.Chat - 17 upvotes, $0
- SQL Injection on █████ to U.S. Dept Of Defense - 17 upvotes, $0
- uchi.ru check_lessons Blind SQL Injection to Mail.ru - 16 upvotes, $750
- Unsafe deserialization in Libera Pay allows to escalate a SQL injection to Remote Command Execution to Liberapay - 16 upvotes, $0
- SQL Injection /webApp/sijoitustalous_peruutus locId parameter (viestinta.lahitapiola.fi) to LocalTapiola - 15 upvotes, $350
- Drupal 7 pre auth sql injection and remote code execution to Internet Bug Bounty - 15 upvotes, $0
- [typeorm] SQL Injection to Node.js third-party modules - 15 upvotes, $0
- https://zest.co.th/zestlinepay/checkproduct API endpoint suffers from Boolean-based SQL injection to Razer - 15 upvotes, $0
- C++: Support Pqxx connector to search for sql injections to Postgres to GitHub Security Lab - 14 upvotes, $4500
- Blind SQLi vulnerability in a DoD Website to U.S. Dept Of Defense - 14 upvotes, $0
- [Informational] Possible SQL Injection in inc/ajax-actions-frontend.php to MapsMarker.com e.U. - 14 upvotes, $0
- [untitled-model] sql injection to Node.js third-party modules - 14 upvotes, $0
- Blind SQL injection on ████████ to U.S. Dept Of Defense - 14 upvotes, $0
- [api.easy2pay.co] SQL Injection in cashcard via card_no parameter ⭐️Bypassing IP whitelist⭐️ to Razer - 14 upvotes, $0
- Local SQL Injection in Content Provider (ru.mail.data.contact.ContactsProvider) of Mail.ru for Android, version 12.2.0.29734 to Mail.ru - 14 upvotes, $0
- SQL injection at [█████████] [HtUS] to U.S. Dept Of Defense - 14 upvotes, $0
- SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 13 upvotes, $0
- [query-mysql] SQL Injection due to lack of user input sanitization allows to run arbitrary SQL queries when fetching data from database to Node.js third-party modules - 13 upvotes, $0
- SQL injection when configuring a database to ImpressCMS - 13 upvotes, $0
- Code source discloure & ability to get database information "SQL injection" in [townwars.mail.ru] to Mail.ru - 12 upvotes, $0
- blind sql injection to Hanno's projects - 12 upvotes, $0
- SQL injections to U.S. Dept Of Defense - 12 upvotes, $0
- bit.games - sql-inj to Mail.ru - 11 upvotes, $1500
- SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 11 upvotes, $0
- MSSQL injection via param Customwho in https://█████/News/Transcripts/Search/Sort/ and WAF bypass to U.S. Dept Of Defense - 11 upvotes, $0
- stripo blog search SQL Injection to Stripo Inc - 11 upvotes, $0
- SQL Injection in Login Page: https://█████/█████████/login.php to U.S. Dept Of Defense - 11 upvotes, $0
- Sql Injection At █████████ to U.S. Dept Of Defense - 11 upvotes, $0
- SQL injection on █████ due to tech.cfm to U.S. Dept Of Defense - 10 upvotes, $0
- [city-mobil.ru/taxiserv/] SQLi at /taxiserv/requests path at driver_company param to Mail.ru - 10 upvotes, $0
- Post-Auth Blind NoSQL Injection in the users.list API leads to Remote Code Execution to Rocket.Chat - 10 upvotes, $0
- SQL Injection and plaintext passwords via User Search to IBM - 10 upvotes, $0
- Time-based sql-injection on https://puzzle.mail.ru to Mail.ru - 9 upvotes, $300
- [informatica.com] Blind SQL Injection to Informatica - 9 upvotes, $0
- Blind SQLi in a DoD Website to U.S. Dept Of Defense - 9 upvotes, $0
- Time Based SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
- [afocusp.informatica.com] Sql injection afocusp.informatica.com:37777 to Informatica - 8 upvotes, $0
- Sql injection on /webApp/sijoituswebinaari (viestinta.lahitapiola.fi) to LocalTapiola - 8 upvotes, $0
- SQL Injection on /webApp/viivanalle (viestinta.lahitapiola.fi) to LocalTapiola - 8 upvotes, $0
- SQL Injection on /webApp/lapsuudenturva (viestinta.lahitapiola.fi) to LocalTapiola - 8 upvotes, $0
- [Android API] SQL injection ( errortoken.json ) to Pornhub - 8 upvotes, $0
- [███] SQL injection & Reflected XSS to U.S. Dept Of Defense - 8 upvotes, $0
- SQLi in login form of █████ to U.S. Dept Of Defense - 8 upvotes, $0
- SQLi on █████████ to U.S. Dept Of Defense - 8 upvotes, $0
- SQL injection at /admin.php?/cp/members/create to ExpressionEngine - 8 upvotes, $0
- Blind SQL Injection to U.S. Dept Of Defense - 8 upvotes, $0
- SQL injextion via vulnerable doctrine/dbal version to Nextcloud - 8 upvotes, $0
- SQL Injection on https://████████/ to U.S. Dept Of Defense - 8 upvotes, $0
- [cfire.mail.ru] Time Based SQL Injection 2 to Mail.ru - 7 upvotes, $200
- SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
- Blind SQL Injection to ok.ru - 7 upvotes, $0
- SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
- SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
- Weak credentials, Blind SQLi, Timing attack, that leads to web admin access to 50m-ctf - 7 upvotes, $0
- [████████] Boolean SQL Injection (/personnel.php?content=profile&rcnum=*) to U.S. Dept Of Defense - 7 upvotes, $0
- SQL Injection or Denial of Service due to a Prototype Pollution to Node.js third-party modules - 7 upvotes, $0
- SQL Injection in www.██████████ to U.S. Dept Of Defense - 7 upvotes, $0
- SQL Injection leads to retrieve the contents of an entire database. to BlockDev Sp. Z o.o - 7 upvotes, $0
- SQL Injection in █████ to U.S. Dept Of Defense - 7 upvotes, $0
- NoSQL injection in listEmojiCustom method call to Rocket.Chat - 7 upvotes, $0
- SQLi on http://sports.yahoo.com/nfl/draft to Yahoo! - 6 upvotes, $0
- SQL Injection in the get_publications.php on the https://█████ to U.S. Dept Of Defense - 6 upvotes, $0
- SQL injection [futexpert.mtngbissau.com] to MTN Group - 6 upvotes, $0
- tmgame.mail.ru - Blind sql injection to Mail.ru - 5 upvotes, $250
- [townwars.mail.ru] Time-Based SQL Injection to Mail.ru - 5 upvotes, $150
- [parapa.mail.ru] SQL Injection reapet to Mail.ru - 5 upvotes, $150
- SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
- sql injection vulnerablity found to Legal Robot - 5 upvotes, $0
- sql injection on /messagecenter/messagingcenter at https://www.███████/ to U.S. Dept Of Defense - 5 upvotes, $0
- Golang : Add MongoDb NoSQL injection sinks to GitHub Security Lab - 5 upvotes, $0
- SQL Injection ON HK.Promotion to Yahoo! - 4 upvotes, $0
- caesary.yahoo.net Blind Sql Injection to Yahoo! - 4 upvotes, $0
- SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
- SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
- SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
- SQL injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
- SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
- SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
- Code reversion allowing SQLI again in ███████ to U.S. Dept Of Defense - 4 upvotes, $0
- [████] SQL Injections on Referer Header exploitable via Time-Based method to U.S. Dept Of Defense - 4 upvotes, $0
- SQL injection update.mail.ru to Mail.ru - 3 upvotes, $250
- SQL inj to Mail.ru - 3 upvotes, $150
- SQL Injection on 11x11.mail.ru to Mail.ru - 3 upvotes, $0
- [https://www.anghami.com/updatemailinfo/] Sql Injection to Anghami - 3 upvotes, $0
- Sql injection And XSS to Khan Academy - 3 upvotes, $0
- SQLi in love.uber.com to Uber - 3 upvotes, $0
- SQL injection in conc/index.php/ccm/system/search/users/submit to Concrete CMS - 3 upvotes, $0
- Time Based SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
- SQL injection in Serendipity (serendipity_fetchComments) to Hanno's projects - 3 upvotes, $0
- SQL injection on https://███████ to U.S. Dept Of Defense - 3 upvotes, $0
- [CRITICAL] Sql Injection on http://axa.dxi.eu to 8x8 - 3 upvotes, $0
- SQL injection located in ███ in POST param████████ to U.S. Dept Of Defense - 3 upvotes, $0
- SQL INJECTION in https://████/██████████ to U.S. Dept Of Defense - 3 upvotes, $0
- NoSQL-Injection discloses S3 File Upload URLs to Rocket.Chat - 3 upvotes, $0
- [orsotenslimselfie.lady.mail.ru] SQL Injection to Mail.ru - 2 upvotes, $300
- SQL inj to Mail.ru - 2 upvotes, $150
- [tidaltrek.mail.ru] SQL Injection to Mail.ru - 2 upvotes, $150
- SQL injection, tile ID to Uzbey - 2 upvotes, $0
- Active Record SQL Injection Vulnerability Affecting PostgreSQL to Ruby on Rails - 2 upvotes, $0
- Active Record SQL Injection Vulnerability Affecting PostgreSQL to Ruby on Rails - 2 upvotes, $0
- SQL Injection to Uzbey - 2 upvotes, $0
- Possible SQL injection on "Jump to twitter" to Gratipay - 2 upvotes, $0
- Possible SQL injection can cause denial of service attack to Dropbox - 2 upvotes, $0
- SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
- SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
- `sql` does not properly escape parameters when building SQL queries, resulting in potential SQLi to Node.js third-party modules - 2 upvotes, $0
- Blind SQL Injection on DoD Site to U.S. Dept Of Defense - 2 upvotes, $0
- [@azhou/basemodel] SQL injection to Node.js third-party modules - 2 upvotes, $0
- Followup - SQL Injection - https://██████████/██████/MSI.portal to U.S. Dept Of Defense - 2 upvotes, $0
- SQL injection (stacked queries) in the export to Excel functionality on Vidyo Server to 8x8 - 2 upvotes, $0
- [Python]: Add SqlAlchemy support for SQL injection query to GitHub Security Lab - 2 upvotes, $0
- [Python] CWE-943: Add NoSQL Injection Query to GitHub Security Lab - 2 upvotes, $0
- SQL injection [hole in the forum engine] to Mail.ru - 1 upvotes, $200
- Time based sql injection to Mail.ru - 1 upvotes, $200
- [parapa.mail.ru] SQL Injection to Mail.ru - 1 upvotes, $150
- [3k.mail.ru] SQL Injection to Mail.ru - 1 upvotes, $150
- SQL Injection to Mail.ru - 1 upvotes, $150
- [tidaltrek.mail.ru] SQL Injection to Mail.ru - 1 upvotes, $150
- SQL injection, time zoom script, tile ID to Uzbey - 1 upvotes, $0
- SQL Injection Vulnerability in Concrete5 version 5.7.3.1 to Concrete CMS - 1 upvotes, $0
- Time-Based Blind SQL Injection Attacks to Mail.ru - 1 upvotes, $0
- Blind SQL INJ to Paragon Initiative Enterprises - 1 upvotes, $0
- Time Based SQL injection in url parameter to WebSummit - 1 upvotes, $0
- SQL Injection Proof of Concept for Starbucks URL to Starbucks - 1 upvotes, $0
- typeorm does not properly escape parameters when building SQL queries, resulting in potential SQLi to Node.js third-party modules - 1 upvotes, $0
- SQL injection found in US Navy Website (http://███/) to U.S. Dept Of Defense - 1 upvotes, $0
- [increments] sql injection to Node.js third-party modules - 1 upvotes, $0
- [Java] CWE-089: MyBatis Mapper XML SQL Injection to GitHub Security Lab - 1 upvotes, $0
- [afisha.mail.ru] SQL Injection to Mail.ru - 0 upvotes, $300
- [cfire.mail.ru] Time Based SQL Injection to Mail.ru - 0 upvotes, $150
- Possible Blind SQL injection | Language choice in presentation to Gratipay - 0 upvotes, $0
- Two Error-Based SQLi in courses.aspx on ██████████ to U.S. Dept Of Defense - 0 upvotes, $0
- SQL Injection - https://███/█████████/MSI.portal to U.S. Dept Of Defense - 0 upvotes, $0