Access full case study here: https://members.bugbountyexplained.com/sqli-case-study/
Subscribe to BBRE Premium: https://bbre.dev/premium
✉️ Sign up for the mailing list: https://bbre.dev/nl
Follow me on Twitter: https://bbre.dev/tw

This video is part of the case study of 128 SQL injection bug bounty reports. In this part, I take a look at how bug hunters demonstrated the impact of SQL injection bugs, including how they turned them into RCEs and file reads or writes.

Mentioned videos:
https://youtu.be/5CCaQ9OK2vU
https://youtu.be/ZKrABs-N9wA

Get $100 in credits for Digital Ocean: https://bbre.dev/do

Timestamps:

00:00 Intro
00:38 Local File Read with SQL injection
02:40 Using SQLi for Authentication Bypass
08:25 Modifying data with SQL injection
10:09 Data read
13:16 RCE via SQLi
14:52 No impact
16:34 Reading DB metadata
