I’m here to tell you how I found SQL injection on this website at HackerOne just in 5 minutes and I got 350$ without any tools to recon

just I used my mind and google search after 2 or 3 minutes I found a zip on a website like https://intensedebate.com/intensedebate.zip I downloaded this zip I saw source code of some file PHP like this

<img src=”http://intensedebate
.com/midimages/<?php echo get_usermeta($user_ID, ‘id_userID’);?>” alt=”[Avatar]” class=”idwp-avatar” />
<h3 class=”idwp-floatnone”><?php printf(__(‘Synchronizing as %s’, ‘intensedebate
‘), ‘<a href=”http://www.intensedebate
.com/people/'.get_usermeta($user_ID, ‘id_username’).’”>’.get_usermeta($user_ID, ‘id_username’).’</a>’); ?></h3>
<p class=”idwp-floatnone”><a href=”http://www.intensedebate
.com/userDash"><?php _e(‘Dashboard’, ‘intensedebate
‘); ?></a> | <a href=”http://www.intensedebate
.com/editprofile”><?php _e(‘Edit profile’, ‘intensedebate
‘); ?></a></p>
<p><a href=”options-general.php?id_settings_action=user_disconnect” id=”id_user_disconnect”><?php _e(‘Disconnect…


سلاوی خوای گه‌وره‌تان لێبێت

من احمد عبداللخالق م دانیشتوی سلیمانی له‌م كورته‌ راپۆرته‌ باسی دیار ده‌یه‌كی سه‌یرتان بۆ ئه‌كه‌م له‌ كوردستان به‌تایبه‌ت سلیمانی له‌ماوه‌ی مانگیك دا ئه‌و سی فیه‌ ی سه‌ره‌وه‌م ناردوه‌ بۆ 10 كۆمپانیای گه‌وره‌ له‌ سلیمانی كه‌ خاوه‌نی زۆربه‌ی بروانامه‌كانی كۆمپانیا گه‌وره‌كانم له‌ جیهان شه‌هاده‌ی زۆربه‌یانم هه‌یه‌ له‌گه‌ل كاركردنم له‌و بواره‌ بۆ ماوه‌ی 15 سال له‌ بورای سكویرتی واتا بلین خبره‌یه‌كی باشم هه‌یه‌ و كه‌م كه‌سیم بینیوه‌ له‌ كوردستان له‌و ئاسته‌ بیت به‌ په‌نجه‌ی ده‌س ئه‌ژمیردرین ئه‌وانیش وه‌ك منن هیچیان له‌من كه‌م تر نیه‌

ئه‌وانه‌ی توانایه‌كی باشیان هه‌یه‌ وه‌ك من یان له‌ من باشتر خۆیان له‌سه‌ر كۆمبیته‌ر كارئه‌كه‌ن به‌شی وه‌ی (فری لانسس)…


how i bypassed microsoft authenticator time-based stop otp refreshing funny POC

my name is Ahmed a Abdulla

I would like to report stop otp refreshing that allows to an attacker stop refreshing OTP in 30s

and an attacker can brute force account and steal code login all account in one time

an attacker can bypass 2FA via brute force cuz the refreshing OTP is stopped Microsoft authenticator

I test on iPad mini 3 Version 12.4.9

1:- open your account and set up Two-factor verification using Microsoft Authenticator‬

2:- and you need OTP code to login in to your account

3- open app Microsoft Authenticator‬ you will see the code otp is refreshing in 30s to bypass this 30s just scroll down the screen iPad the will stoped the time code

Microsoft does not accept this POC because it’s not risk to the user


How I Found Sql Injection on 8x8 , Cengage ,Comodo ,Automattic ,intel ,IBM ,MTN Group ,uis.cam.ac.uk ,volvocars.biz ,asus.com

What is SQL injection (SQLi)?

SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application’s content or behavior.

I will show you my method to find SQL injection in one photo I hacked all this company in this way…


Background

On October 29, a proof of concept (PoC) for a remote code execution (RCE) vulnerability in Apache Solr, a popular open-source search platform built on Apache Lucene, was published as a GitHub Gist. At the time this blog post was published, this vulnerability did not have a CVE identifier and no confirmation or indication of a solution available from Apache. However, Apache recently announced releases of Solr to address this vulnerability, which is now identified as CVE-2019–17558. Tenable Research confirmed that Apache Solr versions 7.7.2 through 8.3 were vulnerable at the time this blog post was originally published. After the…

Ahmad A Abdulla

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store