I Found a 12,000 ₹ Blind SQL Injection, Beginner's friendly Breakdown
INTRODUCTION
Hello Hunters, ANONDGR here, back again with a new write-up. In this write-up, I will be breaking down the steps that I performed to find a CRITICAL P1 Blind SQL Injection vulnerability during my bug bounty hunting on ComOlho.
So without wasting much time, let’s get started.
WHAT IS BLIND SQL INJECTION
Before diving into the PoC, let me first introduce Blind SQL injection, in case you are not familiar with it already.
SQL INJECTION
SQL Injection (SQLi) is a web security vulnerability that allows an attacker to interfere with the queries an application makes to its database. By injecting malicious SQL code into input fields or parameters, an attacker can bypass security measures, view data they are not authorized to see, and even modify or delete records.
Blind SQL injection differs from typical SQL injection in how it is found and exploited: the application does not return query results or database errors, so the tester only sees a change in the application's behaviour. That said, there are mainly two types of SQLi:
- Error-based
- Blind or boolean-based
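To make the boolean-based idea concrete, here is an added example in Python (not code from this write-up or from ComOlho) using an in-memory SQLite table with constructed rows: the same lookup written once with string concatenation and once with a bound parameter, plus a small regression check that reports whether two inputs differing only in an always-true versus always-false suffix produce different answers. That behavioural difference is the only signal a blind injection has, and binding the parameter removes it.

```python
import sqlite3


def make_db():
    # Constructed sample data (not from the write-up): a tiny catalogue
    # table where some rows are flagged as not publicly visible.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER, name TEXT, public INTEGER)")
    conn.executemany(
        "INSERT INTO items VALUES (?, ?, ?)",
        [(1, "alpha", 1), (2, "beta", 1), (3, "secret", 0)],
    )
    return conn


def vulnerable_lookup(conn, name):
    # The classic defect: user input is pasted straight into the SQL text,
    # so the input can change the query's logic instead of just its data.
    sql = f"SELECT COUNT(*) FROM items WHERE name = '{name}' AND public = 1"
    return conn.execute(sql).fetchone()[0] > 0


def safe_lookup(conn, name):
    # Parameterised query: the driver binds the value as data, so the
    # input is never parsed as SQL no matter what characters it holds.
    sql = "SELECT COUNT(*) FROM items WHERE name = ? AND public = 1"
    return conn.execute(sql, (name,)).fetchone()[0] > 0


def has_boolean_oracle(lookup, conn, base="alpha"):
    # Boolean-based blind SQLi shows up as a difference in behaviour between
    # two requests whose only difference is a tautology versus a contradiction.
    # A fixed endpoint answers both the same way, so this doubles as a
    # regression check for the parameterisation fix.
    truthy = lookup(conn, base + "' AND 1=1--")
    falsy = lookup(conn, base + "' AND 1=2--")
    return truthy != falsy


if __name__ == "__main__":
    db = make_db()
    print("vulnerable lookup leaks a boolean oracle:",
          has_boolean_oracle(vulnerable_lookup, db))
    print("parameterised lookup leaks a boolean oracle:",
          has_boolean_oracle(safe_lookup, db))
```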
Error-based SQL injection: