Hamed Elnwasani

@torik_1999 yes

@0xhamdoon First of you used ' then injected payload?

Time-Based Blind SQL Injection in Dataapps UUID Pro Tip: Don't just test UUIDs for IDOR, they're often unparameterized DB inputs. That makes them prime SQLi candidates. #penetrationtesting #cybersecurity #bugbounty

@FSouihiSOAI Yes, I’ve seen this pattern mentioned in several writeups before, and I’ve read about other researchers finding it. However, this is the first time I’ve actually encountered and successfully exploited it myself in a real target

@0xhamdoon Have you seen this pattern frequently in bug bounty targets, or was this a one-off case?

simple SQLi bug read details on LinkedIn: linkedin.com/posts/0xhamdoo… #bugbounty #penetrationtesting #cybersecurity #SQLinjection

Two useful writeups I recently published: 1. Zero-Click ATO via Self-Stored XSS + WAF Bypass + IDOR 🔗@0xhamdoon/from-self-stored-xss-to-zero-click-ato-531e167ef276" target="_blank" rel="nofollow noopener">medium.com/@0xhamdoon/fro… 2. Chained Two Logic Flaws to Break a Ticketing System 🔗@0xhamdoon/how-i-chained-two-logic-flaws-to-break-a-ticketing-system-e9a3bdd6e8fe" target="_blank" rel="nofollow noopener">medium.com/@0xhamdoon/how… Enjoy reading, and happy hacking #bugbounty #cybersecurity