Published inInfoSec Write-upsFrom Cookie Consent to Command Execution: A Real-World SQLi + Full PII Leak to RCE on a Careers…Hi, I’m nav1n0x — a Database Administrator by profession, and a security researcher and bug bounty hunter by passion, with a focus on…16h agoA response icon216h agoA response icon2
From Behaviors to Shells: Yii2 PHP Framework RCE | CVE-2024–58136 — Exploit and Mitigation!CVE-2024–58136 is a critical remote code execution (RCE) vulnerability in the Yii2 PHP framework. It affects applications that allow…May 28May 28
Published inInfoSec Write-upsFrom SOAP to Shell: Exploiting Legacy SOAP Services for Full Admin Account Takeover (And Nearly…When you think about modern web technologies, SOAP (Simple Object Access Protocol) probably isn’t the first thing that comes to mind. It’s…Apr 25Apr 25
CVE-2025–32993: Time-Based Blind SQL Injection in a Popular Help Desk SoftwareDuring a private security assessment for a hosting-related company, I identified a Time-Based Blind SQL Injection vulnerability in a widely…Apr 14Apr 14
Published inInfoSec Write-upsHacking Open Docker Registries: Pulling, Extracting, and Exploiting Images.Discovering secrets in exposed container images and leveraging misconfigurations for deeper accessMar 19A response icon4Mar 19A response icon4
Published inInfoSec Write-upsAdvanced SQL Injection Techniques to Data Exfiltration, OoB, Leveraging JSON etc.Here are some advanced SQL injection techniques that go beyond basic attacks. Learn how to execute data exfiltration, leverage Out-of-Band…Jul 27, 2024Jul 27, 2024
How to Create Your Own SQLMap Tamper Scripts — Step-by-step guideCreating your own tamper script for SQLMap involves writing a Python script that modifies the payloads used by SQLMap to evade web…Jul 26, 2024A response icon1Jul 26, 2024A response icon1
Published inInfoSec Write-upsAdvanced SQL Injection Techniques for Ethical Hackers and BB Hunters — By nav1nThese advanced techniques should be used responsibly and only in legal and authorized testing scenarios. They go beyond the basics & ..Jul 26, 2024Jul 26, 2024
Published inInfoSec Write-upsI helped the top Indian health benefits management platform from major PII leak by hacking their…In this article I’m going to show how I was able to alert a major Indian health benefits management platforms to protect their more than…May 22, 2023A response icon8May 22, 2023A response icon8
Published inInfoSec Write-upsExploiting SQL Error SQLSTATE[42000] To Own MariaDB of A Large EU based Online Media and…I recently got a private invitation to hack on a EU based Online Media and Entertainment org. The target’s scope wasn't large, but had a…May 20, 2023A response icon6May 20, 2023A response icon6
![Exploiting SQL Error SQLSTATE[42000] To Own MariaDB of A Large EU based Online Media and…](https://miro.medium.com/v2/resize:fill:160:106/1*1jPQfzQ_RfbrM1FW6RI21Q.png)
![Exploiting SQL Error SQLSTATE[42000] To Own MariaDB of A Large EU based Online Media and…](https://miro.medium.com/v2/resize:fill:320:214/1*1jPQfzQ_RfbrM1FW6RI21Q.png)
