Sub_Zero

@awais0x1 Can you share with me the vulnerable site to bypass the WAF manually without using cookies?

I just published Find SQL injection with burp Suite scanner medium.com/p/discovering-…

🚩 تحدي حقن SQL 🔗 الهدف: rock-castle.cn/case/detail.ph… 🎯 المطلوب: قم بإظهار #الإعمدة_المصابة 😊 #SQLi #BugBounty #CyberSecurity #InfoSec #CTF #Pentest #WebSecurity #EthicalHacking

@j6_mu تم حل تحدي sql 💉💪💉رائع بالتوفيق

اذا كان لديك خبرة في التعامل مع قواعد البيانات هذا الميدان 😁🔥 التحدي في المنصة جاهز

@_casper0x The best dream from the first time in the report always when reporting a SQL injection vulnerability to prove the real concept to them you must extract: database names database version and database hostname

SQLi allowed database enumeration and dumping, Still a bit weird the report was closed as Informative sqlmap -r r.txt --eval="import base64; payload_part='select 1 where 1=1'; GUID='x%27 or length(payload_part)=0'; del payload_part" #bugbounty #sqli #hackerone #bugbountytips

@Chef52002 @_jensec Should I add JS files to analyze them?

@_jensec I'm not that good with code, so any advice is welcome. github.com/Banshee444/JSA…

Sharing my Burp Extension that earned me $200k in 2025 while API testing heavy JS-rich targets. github.com/jenish-sojitra… The tool helps find endpoints, files, internal emails, and some secrets from minified JS. Its goal is to achieve maximum efficiency with reduced noise in results. Contributions and feedbacks are welcome.

One of the common exploitable errors when testing for #SQL #Injection vulnerabilities is: ⛔Unclosed quotation mark after the character string #bugbounty #sql #sqlinjection #MSSQL #bugbountytips #bugbountytips #bugbountysql

#sql_injaction Microsoft SQL (MSSQL) Database Injection Error-Based and Union-Based Level easy Website Link: abbomax.com #bugbounty #sql #sqlinjection #MSSQL #bugbountytips

@HackingTeam777 twitter.com/Subzxero/statu…

💉 Manual SQL Injection Challenge without tools bypassing 🛡 #Sucuri WAF and #GoDaddy Without using the Real IP method as it's not always effective and lacks any fun Website worldplants.ca #bugbounty #sql #sqlinjection #bugbountytips #bugbountytips #bugbountysql

@malekmesdour جميل جدا واصل اخي بالتوفيق

I found an SQLi on the main app and I was able to execute any SQL function. They “fixed” it in two days and downgraded it to High, saying it was “read-only”💀 Anyway, below how I bypassed the WAF using parameter pollution #BugBounty #bugbountytips

@timd1gga @theXSSrat Good luck. Do you have a website vulnerable to SQL injection with a WAF?

Today’s findings: • 3 SQLi vulnerabilities exposing admin credentials and sensitive data • 1 XSS vulnerability #BugBounty #PenTesting #CyberSecurity #SQLi #xss

@viehgroup The single quote (') isn't everything when it comes to triggering an SQL error Try this site and test it with injection: ngdvet.com/product_detail…

SQL Injection #bugbounty https://example. com/product.php?id=1 Append a single quote (') to the URL:http://example. com/product.php?id=1' If an error message like SQL syntax error appears, the input is vulnerable. #infosec #cybersecurity #bugbounty #bugbountytips

💉 Manual SQL Injection Challenge without tools bypassing 🛡 #Sucuri WAF and #GoDaddy Without using the Real IP method as it's not always effective and lacks any fun Website worldplants.ca #bugbounty #sql #sqlinjection #bugbountytips #bugbountytips #bugbountysql

@Sazouki_ Good luck to you too bro

@Subzxero good luck with that

F5 SQLi WAF BYPASS ‘ or (select ‘sqli’) = ‘sqli // blocked ‘ || not (select ‘sqli’) like ‘s% // bypassed #F5 #sqli #BugBounty

@dk4trin @inspectiv @theWeertic 💉 Manual SQL Injection Challenge without tools, bypassing 🛡 Sucuri WAF and GoDaddy WAF Without using the Real IP method, as it's not always effective and lacks any fun 🌐 Website link: worldplants.ca

huge thanks to @inspectiv aos poucos voltando + collab @theWeertic top top top shortscan > fuzzing > persistence fuzzing (+ theWeertic's tools)

@mamunwhh The single quote (') isn't everything when it comes to triggering an SQL error Try this site and test it with injection: ngdvet.com/product_detail…

SQL Injection #bugbounty https://example. com/product.php?id=1 Append a single quote (') to the URL:http://example. com/product.php?id=1' If an error message like SQL syntax error appears, the input is vulnerable.

@islam_elnajdy Can we communicate privately? Message me.

Hi everyone! As part of the ALX program, I'm reflecting on my journey in 2023. This year has been a whirlwind of learning, challenges, and incredible growth, not just in my technical skills but also in my approach to problem-solving and collaboration.#FacesofALXSE #ALX_SE_2023

@PushpakPawar_11 @UBS Please write to me on the private because I could not write to you

Hi @UBS, I’ve discovered a critical XSS vulnerability in your system and found other severe vulnerabilities. I reported this via email but haven’t received a response. Can you connect me with your web app security team?