Top SQLI reports from HackerOne:

  1. SQL Injection Extracts Starbucks Enterprise Accounting, Financial, Payroll Database to Starbucks - 757 upvotes, $0
  2. SQL injection in https://labs.data.gov/dashboard/datagov/csv_to_json via User-agent to GSA Bounty - 679 upvotes, $0
  3. Time-Based SQL injection at city-mobil.ru to Mail.ru - 631 upvotes, $15000
  4. SQL injection at https://sea-web.gold.razer.com/ajax-get-status.php via txid parameter to Razer - 580 upvotes, $2000
  5. SQL Injection in https://api-my.pay.razer.com/inviteFriend/getInviteHistoryLog to Razer - 528 upvotes, $2000
  6. SQL injection on contactws.contact-sys.com in TScenObject action ScenObjects leads to remote code execution to QIWI - 473 upvotes, $0
  7. Blind SQL Injection to InnoGames - 432 upvotes, $2000
  8. SQL injection at fleet.city-mobil.ru to Mail.ru - 372 upvotes, $10000
  9. SQL Injection in report_xml.php through countryFilter[] parameter to Valve - 365 upvotes, $25000
  10. [windows10.hi-tech.mail.ru] Blind SQL Injection to Mail.ru - 330 upvotes, $5000
  11. SQL Injection on cookie parameter to MTN Group - 308 upvotes, $0
  12. [www.zomato.com] SQLi - /php/██████████ - item_id to Zomato - 305 upvotes, $4500
  13. SQL Injection at https://sea-web.gold.razer.com/lab/cash-card-incomplete-translog-resend via period-hour Parameter to Razer - 240 upvotes, $2000
  14. [api.easy2pay.co] SQL Injection at fortumo via TransID parameter [Bypassing Signature Validation🔥] to Razer - 232 upvotes, $4000
  15. Boolean-based SQL Injection on relap.io to Mail.ru - 227 upvotes, $0
  16. SQL Injection in agent-manager to Acronis - 225 upvotes, $0
  17. Blind SQL Injection in city-mobil.ru domain to Mail.ru - 224 upvotes, $2000
  18. Blind SQLi leading to RCE, from Unauthenticated access to a test API Webservice to Starbucks - 219 upvotes, $0
  19. SQL Injection in www.hyperpure.com to Zomato - 214 upvotes, $2000
  20. Blind SQL injection and making any profile comments from any users to disappear using "like" function (2 in 1 issues) to Pornhub - 211 upvotes, $0
  21. Blind SQL Injection on starbucks.com.gt and WAF Bypass :* to Starbucks - 203 upvotes, $0
  22. Remote Code Execution on contactws.contact-sys.com via SQL injection in TCertObject operation "Delete" to QIWI - 194 upvotes, $0
  23. SQLi at https://sea-web.gold.razer.com/demo-th/purchase-result.php via orderid Parameter to Razer - 183 upvotes, $2000
  24. www.drivegrab.com SQL injection to Grab - 181 upvotes, $4500
  25. Blind SQL injection in Hall of Fap to Pornhub - 179 upvotes, $0
  26. Sql injection on docs.atavist.com to Automattic - 160 upvotes, $0
  27. SQL Injection [unauthenticated] with direct output at https://news.mail.ru/ to Mail.ru - 156 upvotes, $7500
  28. bypass sql injection #1109311 to Acronis - 153 upvotes, $0
  29. SQL injection in GraphQL endpoint through embedded_submission_form_uuid parameter to HackerOne - 150 upvotes, $0
  30. Blind SQL injection on id.indrive.com to inDrive - 142 upvotes, $4134
  31. SQL Injection Union Based to Automattic - 126 upvotes, $0
  32. SQL injection in Razer Gold List Admin at /lists/index.php via the list[] parameter. to Razer - 122 upvotes, $2000
  33. [intensedebate.com] SQL Injection Time Based On /js/commentAction/ to Automattic - 121 upvotes, $0
  34. SQL Injection at api.easy2pay.co/add-on/get-sig.php via partner_id Parameter to Razer - 119 upvotes, $2000
  35. SQL injection on contactws.contact-sys.com in TRateObject.AddForOffice in USER_ID parameter leads to remote code execution to QIWI - 118 upvotes, $0
  36. SQL Injection at https://files.palantir.com/ due to CVE-2021-38159 to Palantir Public - 114 upvotes, $0
  37. SQL Injection + Insecure Deserialization leads to Remote Code Execution on https://krisp.ai to Krisp - 112 upvotes, $0
  38. SQL injection on admin.acronis.host development web service to Acronis - 108 upvotes, $0
  39. SQL injection in https://www.acronis.cz/ via the log parameter to Acronis - 96 upvotes, $0
  40. turboslim.lady.mail.ru - Blind sql-injection. to Mail.ru - 93 upvotes, $5000
  41. SQL Injection intensedebate.com to Automattic - 89 upvotes, $0
  42. SQL injection on jd.mail.ru to Mail.ru - 87 upvotes, $300
  43. 3igames.mail.ru SQL Injection to Mail.ru - 86 upvotes, $1500
  44. Remote Code Execution on contactws.contact-sys.com via SQL injection in TAktifBankObject.GetOrder in parameter DOC_ID to QIWI - 84 upvotes, $0
  45. SQL Injection on sctrack.email.uber.com.cn to Uber - 83 upvotes, $4000
  46. Blind SQL Injection at http://easytopup.in.th/es-services/mps.php via serial_no parameter to Razer - 80 upvotes, $1000
  47. SQL Injection on www.██████████ on countID parameter to U.S. Dept Of Defense - 79 upvotes, $0
  48. SQL Injection in CVE Discovery Search to HackerOne - 79 upvotes, $0
  49. [Found Origin IP's Lead To Access To Grafana Instance , PgHero Instance [ Can SQL Injection ] to Omise - 78 upvotes, $0
  50. SQL injection delivery-club.ru (ClickHouse) to Mail.ru - 76 upvotes, $5000
  51. Time based SQL injection at████████ to U.S. Dept Of Defense - 75 upvotes, $0
  52. Arbitrary SQL command injection to Nextcloud - 74 upvotes, $0
  53. SQL Injection on https://www.olx.co.id to OLX - 74 upvotes, $0
  54. [intensedebate.com] SQL Injection Time Based on /changeReplaceOpt.php to Automattic - 72 upvotes, $0
  55. SQL injection at https://sea-web.gold.razer.com/demo-th/goto-e2p-web-api.php via Multiple Parameters to Razer - 71 upvotes, $2000
  56. RCE, SQLi, IDOR, Auth Bypass and XSS at [staff.███.edu.eg ] to ██████ - 71 upvotes, $0
  57. SQL Injection in ████ to U.S. Dept Of Defense - 71 upvotes, $0
  58. SQL Injection at https://████ via ███ parameter to Sony - 70 upvotes, $0
  59. Blind SQL Injection(Time Based Payload) in https://www.easytopup.in.th/store/game/digimon-master via CheckuserForm[user_id] to Razer - 68 upvotes, $1000
  60. [https://reviews.zomato.com] Time Based SQL Injection to Zomato - 67 upvotes, $1000
  61. Blind SQL injection at tsftp.informatica.com to Informatica - 66 upvotes, $0
  62. SQL Injection on prod.oidc-proxy.prod.webservices.mozgcp.net via invite_code parameter - Mozilla social inscription to Mozilla - 64 upvotes, $0
  63. SQL Injection at https://lite.r-keeper.ru/site_api/clients/derision/?lang=ru to Mail.ru - 62 upvotes, $1500
  64. [www.zomato.com] Blind SQL Injection in /php/geto2banner to Zomato - 60 upvotes, $2000
  65. [www.zomato.com] SQLi on order_id parameter to Zomato - 60 upvotes, $1000
  66. Blind SQL injection in third-party software, that allows to reveal user statistic from rocket.chat and possibly hack into the rocketchat.agilecrm.com to Rocket.Chat - 60 upvotes, $0
  67. [www.zomato.com] Union SQLi + Waf Bypass to Zomato - 58 upvotes, $1000
  68. Time-base SQL Injection in Search Users to Concrete CMS - 58 upvotes, $0
  69. SQL injection in 3rd party software Anomali to Uber - 57 upvotes, $2500
  70. Unauthenticated SQL Injection at █████████ [HtUS] to U.S. Dept Of Defense - 55 upvotes, $0
  71. Time Based SQL Injection to U.S. Department of State - 55 upvotes, $0
  72. SQL injection at ███████ to Sony - 53 upvotes, $0
  73. Blind SQL Injection on news.mail.ru to Mail.ru - 52 upvotes, $3000
  74. SQL Injection https://www.olx.co.id to OLX - 52 upvotes, $0
  75. Remote Code Execution on contactws.contact-sys.com via SQL injection in TPrabhuObject.BeginOrder in parameter DOC_ID to QIWI - 52 upvotes, $0
  76. A SQL injection vulnerability in Vanilla to Vanilla - 51 upvotes, $600
  77. SQL Injection /webApp/oma_conf ctx parameter (viestinta.lahitapiola.fi) to LocalTapiola - 50 upvotes, $1350
  78. [contact-sys.com] SQL Injection████ limit param to QIWI - 50 upvotes, $0
  79. SQL Injection in IBM access control panel & Broken access in admin panel to IBM - 49 upvotes, $0
  80. [www.zomato.com] Blind SQL Injection in /php/widgets_handler.php to Zomato - 46 upvotes, $2000
  81. SQL Injection in ████ to U.S. Dept Of Defense - 46 upvotes, $0
  82. Vanilla SQL Injection Vulnerability to Vanilla - 45 upvotes, $600
  83. SQL Injection vulnerability located at ████████ to U.S. Dept Of Defense - 44 upvotes, $0
  84. [city-mobil.ru/taxiserv/] SQLi at /taxiserv/tariffs/dictionary at filter{"id_locality"} param to Mail.ru - 44 upvotes, $0
  85. Multiple SQL Injections and constrained LFI in esk-static.3igames.mail.ru to Mail.ru - 41 upvotes, $1500
  86. SQLI on uberpartner.eu leads to exposure of sensitive user data of Uber partners to Uber - 41 upvotes, $1500
  87. SQL Injection on /webApp/omatalousuk (viestinta.lahitapiola.fi) to LocalTapiola - 41 upvotes, $0
  88. [www.zomato.com] Boolean SQLi - /█████.php to Zomato - 40 upvotes, $1000
  89. Type Juggling -> PHP Object Injection -> SQL Injection Chain to ExpressionEngine - 39 upvotes, $0
  90. SQL injection in MilestoneFinder order method to GitLab - 38 upvotes, $2000
  91. SQL injection in Wordpress Plugin Huge IT Video Gallery at https://drive.uber.com/frmarketplace/ to Uber - 37 upvotes, $3000
  92. Blind SQL Injection to MTN Group - 37 upvotes, $0
  93. SQL Injection in sijoitustalous_peruutus (viestinta.lahitapiola.fi) to LocalTapiola - 36 upvotes, $0
  94. [www.zomato.com] Boolean SQLi - /███████.php to Zomato - 35 upvotes, $1000
  95. sql injection via https://setup.p2p.ihost.com/ to IBM - 35 upvotes, $0
  96. Blind Sql Injection https:/████████ to U.S. Dept Of Defense - 35 upvotes, $0
  97. SQL Injection at https://lite.r-keeper.ru/site_api/localize/translate/rklscommon/ru to Mail.ru - 34 upvotes, $1500
  98. Blind SQL injection [https://honor.hi-tech.mail.ru] to Mail.ru - 33 upvotes, $300
  99. Time-based Blind SQLi on news.starbucks.com to Starbucks - 33 upvotes, $0
  100. sqli to Ubiquiti Inc. - 33 upvotes, $0
  101. [lk.contact-sys.com] SQL Injection reset_password FP_LK_USER_LOGIN to QIWI - 32 upvotes, $0
  102. SQL injection in URL path processing on www.ibm.com to IBM - 31 upvotes, $0
  103. Blind SQL injection on [city-mobil.ru/taxiserv/] in filter{"id_locality"} to Mail.ru - 30 upvotes, $3500
  104. Time Based SQL-inject in post-parametr login[username] [domain - youporn.com] to Pornhub - 30 upvotes, $2500
  105. SQL Injection found in NextCloud Android App Content Provider to Nextcloud - 30 upvotes, $150
  106. Sql-inj in https://maximum.com/ajax/people to Radancy - 30 upvotes, $0
  107. allods.mail.ru sql injection to Mail.ru - 29 upvotes, $0
  108. SQL injection my method -1 OR 321=6 AND 000159=000159 to U.S. Dept Of Defense - 29 upvotes, $0
  109. SQL injection to U.S. Dept Of Defense - 28 upvotes, $0
  110. SQL Injection on the administrator panel to MTN Group - 28 upvotes, $0
  111. SQL Injection on /cs/Satellite path to LocalTapiola - 27 upvotes, $0
  112. SQLI on desafio5estrelas.com to Uber - 26 upvotes, $2500
  113. [ipm.informatica.com] Sql injection Oracle to Informatica - 26 upvotes, $0
  114. SQL Injection /webApp/cancel_iltakoulu regId parameter (viestinta.lahitapiola.fi) to LocalTapiola - 26 upvotes, $0
  115. SQL injection in partner id field on https://www.teavana.com (Sign-up form) to Starbucks - 26 upvotes, $0
  116. SQL injection at [https://█████████] [HtUS] to U.S. Dept Of Defense - 26 upvotes, $0
  117. SQL Injection at https://████████.asp (█████████) [selMajcom] [HtUS] to U.S. Dept Of Defense - 26 upvotes, $0
  118. Ability to escape database transaction through SQL injection, leading to arbitrary code execution to HackerOne - 25 upvotes, $0
  119. SQL Injection in the move_papers.php on the https://██████████ to U.S. Dept Of Defense - 24 upvotes, $0
  120. SQL Injection on https://soa-accp.glbx.tva.gov/ via "/api/" path - VI-21-015 to Tennessee Valley Authority - 24 upvotes, $0
  121. Blind User-Agent SQL Injection to Blind Remote OS Command Execution at █████████ to Sony - 23 upvotes, $0
  122. SQL Injection through /include/findusers.php to ImpressCMS - 23 upvotes, $0
  123. SQL injection on ██████████ via 'where' parameter to U.S. Dept Of Defense - 23 upvotes, $0
  124. gmmovinparts.com SQLi via forgot_password.jsp to General Motors - 22 upvotes, $0
  125. SQL injection on the https://████/ to U.S. Dept Of Defense - 22 upvotes, $0
  126. [critical] sql injection by GET method to Khan Academy - 21 upvotes, $0
  127. SQL Injection, exploitable in boolean mode to Zomato - 20 upvotes, $0
  128. Blind Based SQL Injection in 3d.sc.money to CS Money - 20 upvotes, $0
  129. SQL Injection on [█████████] to Sony - 20 upvotes, $0
  130. SQL Injection in lapsuudenturva (viestinta.lahitapiola.fi) to LocalTapiola - 19 upvotes, $1350
  131. SQLi allow query restriction bypass on exposed FileContentProvider to Nextcloud - 19 upvotes, $100
  132. SQL Injection at /displayPDF.php (printshop.engelvoelkers.com) to Engel & Völkers Technology GmbH - 19 upvotes, $0
  133. SQL Injection in parameter REPORT to Tor - 19 upvotes, $0
  134. Blind SQL Injection on █████ via URI Path to Mars - 19 upvotes, $0
  135. SQL Injection on /webApp/sijoitustalousuk email-parameter + potential lack of CSRF Token (viestinta.lahitapiola.fi) to LocalTapiola - 18 upvotes, $1350
  136. Blind SQL iNJECTION to U.S. Dept Of Defense - 18 upvotes, $0
  137. time based SQL injection at [https://███] [HtUS] to U.S. Dept Of Defense - 18 upvotes, $0
  138. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 17 upvotes, $0
  139. WordPress DB Class, bad implementation of prepare method guides to sqli and information disclosure to WordPress - 17 upvotes, $0
  140. Pre-Auth Blind NoSQL Injection leading to Remote Code Execution to Rocket.Chat - 17 upvotes, $0
  141. SQL Injection on █████ to U.S. Dept Of Defense - 17 upvotes, $0
  142. uchi.ru check_lessons Blind SQL Injection to Mail.ru - 16 upvotes, $750
  143. Unsafe deserialization in Libera Pay allows to escalate a SQL injection to Remote Command Execution to Liberapay - 16 upvotes, $0
  144. SQL Injection /webApp/sijoitustalous_peruutus locId parameter (viestinta.lahitapiola.fi) to LocalTapiola - 15 upvotes, $350
  145. Drupal 7 pre auth sql injection and remote code execution to Internet Bug Bounty - 15 upvotes, $0
  146. [typeorm] SQL Injection to Node.js third-party modules - 15 upvotes, $0
  147. https://zest.co.th/zestlinepay/checkproduct API endpoint suffers from Boolean-based SQL injection to Razer - 15 upvotes, $0
  148. C++: Support Pqxx connector to search for sql injections to Postgres to GitHub Security Lab - 14 upvotes, $4500
  149. Blind SQLi vulnerability in a DoD Website to U.S. Dept Of Defense - 14 upvotes, $0
  150. [Informational] Possible SQL Injection in inc/ajax-actions-frontend.php to MapsMarker.com e.U. - 14 upvotes, $0
  151. [untitled-model] sql injection to Node.js third-party modules - 14 upvotes, $0
  152. Blind SQL injection on ████████ to U.S. Dept Of Defense - 14 upvotes, $0
  153. [api.easy2pay.co] SQL Injection in cashcard via card_no parameter ⭐️Bypassing IP whitelist⭐️ to Razer - 14 upvotes, $0
  154. Local SQL Injection in Content Provider (ru.mail.data.contact.ContactsProvider) of Mail.ru for Android, version 12.2.0.29734 to Mail.ru - 14 upvotes, $0
  155. SQL injection at [█████████] [HtUS] to U.S. Dept Of Defense - 14 upvotes, $0
  156. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 13 upvotes, $0
  157. [query-mysql] SQL Injection due to lack of user input sanitization allows to run arbitrary SQL queries when fetching data from database to Node.js third-party modules - 13 upvotes, $0
  158. SQL injection when configuring a database to ImpressCMS - 13 upvotes, $0
  159. Code source discloure & ability to get database information "SQL injection" in [townwars.mail.ru] to Mail.ru - 12 upvotes, $0
  160. blind sql injection to Hanno's projects - 12 upvotes, $0
  161. SQL injections to U.S. Dept Of Defense - 12 upvotes, $0
  162. bit.games - sql-inj to Mail.ru - 11 upvotes, $1500
  163. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 11 upvotes, $0
  164. MSSQL injection via param Customwho in https://█████/News/Transcripts/Search/Sort/ and WAF bypass to U.S. Dept Of Defense - 11 upvotes, $0
  165. stripo blog search SQL Injection to Stripo Inc - 11 upvotes, $0
  166. SQL Injection in Login Page: https://█████/█████████/login.php to U.S. Dept Of Defense - 11 upvotes, $0
  167. Sql Injection At █████████ to U.S. Dept Of Defense - 11 upvotes, $0
  168. SQL injection on █████ due to tech.cfm to U.S. Dept Of Defense - 10 upvotes, $0
  169. [city-mobil.ru/taxiserv/] SQLi at /taxiserv/requests path at driver_company param to Mail.ru - 10 upvotes, $0
  170. Post-Auth Blind NoSQL Injection in the users.list API leads to Remote Code Execution to Rocket.Chat - 10 upvotes, $0
  171. SQL Injection and plaintext passwords via User Search to IBM - 10 upvotes, $0
  172. Time-based sql-injection on https://puzzle.mail.ru to Mail.ru - 9 upvotes, $300
  173. [informatica.com] Blind SQL Injection to Informatica - 9 upvotes, $0
  174. Blind SQLi in a DoD Website to U.S. Dept Of Defense - 9 upvotes, $0
  175. Time Based SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  176. [afocusp.informatica.com] Sql injection afocusp.informatica.com:37777 to Informatica - 8 upvotes, $0
  177. Sql injection on /webApp/sijoituswebinaari (viestinta.lahitapiola.fi) to LocalTapiola - 8 upvotes, $0
  178. SQL Injection on /webApp/viivanalle (viestinta.lahitapiola.fi) to LocalTapiola - 8 upvotes, $0
  179. SQL Injection on /webApp/lapsuudenturva (viestinta.lahitapiola.fi) to LocalTapiola - 8 upvotes, $0
  180. [Android API] SQL injection ( errortoken.json ) to Pornhub - 8 upvotes, $0
  181. [███] SQL injection & Reflected XSS to U.S. Dept Of Defense - 8 upvotes, $0
  182. SQLi in login form of █████ to U.S. Dept Of Defense - 8 upvotes, $0
  183. SQLi on █████████ to U.S. Dept Of Defense - 8 upvotes, $0
  184. SQL injection at /admin.php?/cp/members/create to ExpressionEngine - 8 upvotes, $0
  185. Blind SQL Injection to U.S. Dept Of Defense - 8 upvotes, $0
  186. SQL injextion via vulnerable doctrine/dbal version to Nextcloud - 8 upvotes, $0
  187. SQL Injection on https://████████/ to U.S. Dept Of Defense - 8 upvotes, $0
  188. [cfire.mail.ru] Time Based SQL Injection 2 to Mail.ru - 7 upvotes, $200
  189. SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  190. Blind SQL Injection to ok.ru - 7 upvotes, $0
  191. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  192. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  193. Weak credentials, Blind SQLi, Timing attack, that leads to web admin access to 50m-ctf - 7 upvotes, $0
  194. [████████] Boolean SQL Injection (/personnel.php?content=profile&rcnum=*) to U.S. Dept Of Defense - 7 upvotes, $0
  195. SQL Injection or Denial of Service due to a Prototype Pollution to Node.js third-party modules - 7 upvotes, $0
  196. SQL Injection in www.██████████ to U.S. Dept Of Defense - 7 upvotes, $0
  197. SQL Injection leads to retrieve the contents of an entire database. to BlockDev Sp. Z o.o - 7 upvotes, $0
  198. SQL Injection in █████ to U.S. Dept Of Defense - 7 upvotes, $0
  199. NoSQL injection in listEmojiCustom method call to Rocket.Chat - 7 upvotes, $0
  200. SQLi on http://sports.yahoo.com/nfl/draft to Yahoo! - 6 upvotes, $0
  201. SQL Injection in the get_publications.php on the https://█████ to U.S. Dept Of Defense - 6 upvotes, $0
  202. SQL injection [futexpert.mtngbissau.com] to MTN Group - 6 upvotes, $0
  203. tmgame.mail.ru - Blind sql injection to Mail.ru - 5 upvotes, $250
  204. [townwars.mail.ru] Time-Based SQL Injection to Mail.ru - 5 upvotes, $150
  205. [parapa.mail.ru] SQL Injection reapet to Mail.ru - 5 upvotes, $150
  206. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  207. sql injection vulnerablity found to Legal Robot - 5 upvotes, $0
  208. sql injection on /messagecenter/messagingcenter at https://www.███████/ to U.S. Dept Of Defense - 5 upvotes, $0
  209. Golang : Add MongoDb NoSQL injection sinks to GitHub Security Lab - 5 upvotes, $0
  210. SQL Injection ON HK.Promotion to Yahoo! - 4 upvotes, $0
  211. caesary.yahoo.net Blind Sql Injection to Yahoo! - 4 upvotes, $0
  212. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  213. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  214. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  215. SQL injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  216. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  217. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  218. Code reversion allowing SQLI again in ███████ to U.S. Dept Of Defense - 4 upvotes, $0
  219. [████] SQL Injections on Referer Header exploitable via Time-Based method to U.S. Dept Of Defense - 4 upvotes, $0
  220. SQL injection update.mail.ru to Mail.ru - 3 upvotes, $250
  221. SQL inj to Mail.ru - 3 upvotes, $150
  222. SQL Injection on 11x11.mail.ru to Mail.ru - 3 upvotes, $0
  223. [https://www.anghami.com/updatemailinfo/] Sql Injection to Anghami - 3 upvotes, $0
  224. Sql injection And XSS to Khan Academy - 3 upvotes, $0
  225. SQLi in love.uber.com to Uber - 3 upvotes, $0
  226. SQL injection in conc/index.php/ccm/system/search/users/submit to Concrete CMS - 3 upvotes, $0
  227. Time Based SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  228. SQL injection in Serendipity (serendipity_fetchComments) to Hanno's projects - 3 upvotes, $0
  229. SQL injection on https://███████ to U.S. Dept Of Defense - 3 upvotes, $0
  230. [CRITICAL] Sql Injection on http://axa.dxi.eu to 8x8 - 3 upvotes, $0
  231. SQL injection located in ███ in POST param ████████ to U.S. Dept Of Defense - 3 upvotes, $0
  232. SQL INJECTION in https://████/██████████ to U.S. Dept Of Defense - 3 upvotes, $0
  233. NoSQL-Injection discloses S3 File Upload URLs to Rocket.Chat - 3 upvotes, $0
  234. [orsotenslimselfie.lady.mail.ru] SQL Injection to Mail.ru - 2 upvotes, $300
  235. SQL inj to Mail.ru - 2 upvotes, $150
  236. [tidaltrek.mail.ru] SQL Injection to Mail.ru - 2 upvotes, $150
  237. SQL injection, tile ID to Uzbey - 2 upvotes, $0
  238. Active Record SQL Injection Vulnerability Affecting PostgreSQL to Ruby on Rails - 2 upvotes, $0
  239. Active Record SQL Injection Vulnerability Affecting PostgreSQL to Ruby on Rails - 2 upvotes, $0
  240. SQL Injection to Uzbey - 2 upvotes, $0
  241. Possible SQL injection on "Jump to twitter" to Gratipay - 2 upvotes, $0
  242. Possible SQL injection can cause denial of service attack to Dropbox - 2 upvotes, $0
  243. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  244. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 2 upvotes, $0
  245. sql does not properly escape parameters when building SQL queries, resulting in potential SQLi to Node.js third-party modules - 2 upvotes, $0
  246. Blind SQL Injection on DoD Site to U.S. Dept Of Defense - 2 upvotes, $0
  247. [@azhou/basemodel] SQL injection to Node.js third-party modules - 2 upvotes, $0
  248. Followup - SQL Injection - https://██████████/██████/MSI.portal to U.S. Dept Of Defense - 2 upvotes, $0
  249. SQL injection (stacked queries) in the export to Excel functionality on Vidyo Server to 8x8 - 2 upvotes, $0
  250. [Python]: Add SqlAlchemy support for SQL injection query to GitHub Security Lab - 2 upvotes, $0
  251. [Python] CWE-943: Add NoSQL Injection Query to GitHub Security Lab - 2 upvotes, $0
  252. SQL injection [hole in the forum engine] to Mail.ru - 1 upvotes, $200
  253. Time based sql injection to Mail.ru - 1 upvotes, $200
  254. [parapa.mail.ru] SQL Injection to Mail.ru - 1 upvotes, $150
  255. [3k.mail.ru] SQL Injection to Mail.ru - 1 upvotes, $150
  256. SQL Injection to Mail.ru - 1 upvotes, $150
  257. [tidaltrek.mail.ru] SQL Injection to Mail.ru - 1 upvotes, $150
  258. SQL injection, time zoom script, tile ID to Uzbey - 1 upvotes, $0
  259. SQL Injection Vulnerability in Concrete5 version 5.7.3.1 to Concrete CMS - 1 upvotes, $0
  260. Time-Based Blind SQL Injection Attacks to Mail.ru - 1 upvotes, $0
  261. Blind SQL INJ to Paragon Initiative Enterprises - 1 upvotes, $0
  262. Time Based SQL injection in url parameter to WebSummit - 1 upvotes, $0
  263. SQL Injection Proof of Concept for Starbucks URL to Starbucks - 1 upvotes, $0
  264. typeorm does not properly escape parameters when building SQL queries, resulting in potential SQLi to Node.js third-party modules - 1 upvotes, $0
  265. SQL injection found in US Navy Website (http://███/) to U.S. Dept Of Defense - 1 upvotes, $0
  266. [increments] sql injection to Node.js third-party modules - 1 upvotes, $0
  267. [Java] CWE-089: MyBatis Mapper XML SQL Injection to GitHub Security Lab - 1 upvotes, $0
  268. [afisha.mail.ru] SQL Injection to Mail.ru - 0 upvotes, $300
  269. [cfire.mail.ru] Time Based SQL Injection to Mail.ru - 0 upvotes, $150
  270. Possible Blind SQL injection | Language choice in presentation to Gratipay - 0 upvotes, $0
  271. Two Error-Based SQLi in courses.aspx on ██████████ to U.S. Dept Of Defense - 0 upvotes, $0
  272. SQL Injection - https://███/█████████/MSI.portal to U.S. Dept Of Defense - 0 upvotes, $0