From SOAP to Shell: Exploiting Legacy SOAP Services for Full Admin Account Takeover (And Nearly…When you think about modern web technologies, SOAP (Simple Object Access Protocol) probably isn’t the first thing that comes to mind. It’s…9h ago9h ago
CVE-2025–32993: Time-Based Blind SQL Injection in a Popular Help Desk SoftwareDuring a private security assessment for a hosting-related company, I identified a Time-Based Blind SQL Injection vulnerability in a widely…Apr 14Apr 14
Published inInfoSec Write-upsHacking Open Docker Registries: Pulling, Extracting, and Exploiting Images.Discovering secrets in exposed container images and leveraging misconfigurations for deeper accessMar 194Mar 194
Published inInfoSec Write-upsAdvanced SQL Injection Techniques to Data Exfiltration, OoB, Leveraging JSON etc.Here are some advanced SQL injection techniques that go beyond basic attacks. Learn how to execute data exfiltration, leverage Out-of-Band…Jul 27, 2024Jul 27, 2024
How to Create Your Own SQLMap Tamper Scripts — Step-by-step guideCreating your own tamper script for SQLMap involves writing a Python script that modifies the payloads used by SQLMap to evade web…Jul 26, 20241Jul 26, 20241
Published inInfoSec Write-upsAdvanced SQL Injection Techniques for Ethical Hackers and BB Hunters — By nav1nThese advanced techniques should be used responsibly and only in legal and authorized testing scenarios. They go beyond the basics & ..Jul 26, 2024Jul 26, 2024
Published inInfoSec Write-upsI helped the top Indian health benefits management platform from major PII leak by hacking their…In this article I’m going to show how I was able to alert a major Indian health benefits management platforms to protect their more than…May 22, 20238May 22, 20238
Published inInfoSec Write-upsExploiting SQL Error SQLSTATE[42000] To Own MariaDB of A Large EU based Online Media and…I recently got a private invitation to hack on a EU based Online Media and Entertainment org. The target’s scope wasn't large, but had a…May 20, 20236May 20, 20236
Published inInfoSec Write-upsI Earned $3500 and 40 Points for A GraphQL Blind SQL Injection Vulnerability.Thank you for your love and appreciation for my recent blog post on MySQL SQL Injection that I found in a major international retail…Mar 10, 202310Mar 10, 202310
Published inInfoSec Write-upsHow I Gained Access to a Multi-Billion Dollar Retailer’s MySQL Databases Using Simple SQL InjectionHello, thank you for stopping by.Mar 8, 202319Mar 8, 202319
![Exploiting SQL Error SQLSTATE[42000] To Own MariaDB of A Large EU based Online Media and…](https://miro.medium.com/v2/resize:fill:160:106/1*1jPQfzQ_RfbrM1FW6RI21Q.png)
![Exploiting SQL Error SQLSTATE[42000] To Own MariaDB of A Large EU based Online Media and…](https://miro.medium.com/v2/resize:fill:320:214/1*1jPQfzQ_RfbrM1FW6RI21Q.png)
