I'm an engineer from Turkey, who is interested with biotechnology, computer science and digital gaming. Proud father of three little devils. A.K.A nukedx
Mar 21, 2023 • 6 tweets • 2 min read
Few months ago @osiryszzz and me discovered an interesting case of SQL injection on the @SynackRedTeam target which was black box testing.
During recon we noticed that there was an unrestricted file upload mechanism available to the any user. #bugbounty#bugbountytips /1
We noticed that the target was only processing the ZIP files but where the content unzipped wasn't clear which was preventing potential RCE or file overwrite via ZIP bombing. /2
Apr 20, 2022 • 8 tweets • 2 min read
As of today I passed half million milestone on @SynackRedTeam with 200k of it on last 90 days. So far this month about to catch previous one too, we will see what is going to happen in next 10 days :). #bugbounty#bugbountytips
Almost all my bugs this month was SQLis again. I'll try to give another example from the unique ones.
Feb 26, 2022 • 6 tweets • 2 min read
On recent engagements to the on program on @SynackRedTeam, I find out that target had error based SQL injection on LIMIT clause, it appears that DBMS was MariaDB 10.4.13 so it was limiting options to be used on the injection. #bugbountytips#bugbounty 1/5
Only way to exploit the vulnerability was using PROCEDURE ANALYSE on the injection point. However we were not able to use subqueries inside analyse because it's not allowed. So our options were limited to fetch stuff like database(), user() etc. 2/5