$500 Bug Bounty PoC Worth | SQL Injection (Error Handling) and PHP Information Disclosure

28,961 views

SecShiv

1 day ago

This is a bug bounty PoC carried out on a live target, a CMS used by many British charity organisations. This video shows how I managed to perform a SQL injection vulnerability by causing an error, whilst utilising tools like SQLmap and Ghauri. I also use additional methods like ffuf, subfinder and httpx to find other sensitive information on the target.
Join my discord for learning cybersecurity and ethical hacking.
My Github - github.com/Hac...
Disclaimer: This video is for strictly educational and informational purposes only. I own all equipment used for this demonstration. Hacking without permission is illegal so always ensure you have proper authorization before using security tools in any network environment. Thanks.
Audio Credits/Name:
Stereo Love (Chorus Edit & Slowed + Reverb) @ISHK

Comments: 69
@HackShiv 4 months ago
Unfortunately, I also couldn't escalate or extract db other than just a manual SQL error. But it's still considered a p1-p2 vuln. Join discord, I'm releasing a roadmap for beginners soon and we can learn together. I'm gonna upload as many resources as I can.
@frederikbekeman 3 months ago
Love!!
@Advertisingdaily 2 months ago
We need a hashira training arc bro 🎉🎉
@HackShiv 2 months ago
@Advertisingdaily lol 😂
@garrinormanivannacov370 3 months ago
Awesome! Thank you brother
@HackShiv 3 months ago
Thanks!
@huddle8076 2 months ago
Hey mate, why don't you use proxies while doing this (specifically during sql injection part)?
@HackShiv 2 months ago
@huddle8076 Because you don't need proxychains while ethically hacking unless you're engaging in red teaming to avoid revealing IP. Also, no point using proxychains on WSL, not the best environment.
@revoltz7939 1 month ago
This music is incredible!!
@kavyagungah2393 3 months ago
Subscribed, good content
@HackShiv 3 months ago
Ayy thank you! ❤️
@gamingwithamit2004 1 month ago
I'm a beginner, how do I start? Can you teach me 😫
@HackShiv 1 month ago
@gamingwithamit2004 Hello, I made a discord for all of us. You can join it!
@gamingwithamit2004 1 month ago
@HackShiv okay 👌
@omeshhedaoo2775 2 months ago
Great One
@yashanksahu2813 25 days ago
Was there a little logic, that instead of using a simple url u thought of using a url and again a site parameter
@HackShiv 25 days ago
@yashanksahu2813 Well, what happened, was testing a site, redirected me to a cms and I started testing open redirects, found the vuln on the cms via that.
@MOHAKSHARMA-yz9rk 2 months ago
Isn't that parameter pollution too??
@HackShiv 2 months ago
@MOHAKSHARMA-yz9rk Yeah I think so
@LUCIFER6667 1 month ago
Bro, why are you adding multiple site names in the url? Pls explain to me 🙏
@HackShiv 1 month ago
@LUCIFER6667 Idk, I was just messing around with the parameter 😂
@LUCIFER6667 1 month ago
@HackShiv so the actual reason for SQL is passwd input right?
@HackShiv 1 month ago
@LUCIFER6667 I don't think so, not directly it isn't I think. Maybe blind sql is possible
@exploreThe_ 2 months ago
@yashanksahu2813 25 days ago
He bro
@yashanksahu2813 25 days ago
Why did u only use site parameter and if u chose it then how did u decide that there only lies sqli not ssrf xss rce lfi else
@_subhanazam 3 months ago
17:10 here the problem was you didn't encode the payload!
@HackShiv 3 months ago
Oh yh shit. I just realised. It's actually ctrl + u as shortcut on burp to encode the highlighted payload. I thought it was for xss only but I'm stupid lol 😂. Thanks for catching that. 🙏 Unfortunately, I also couldn't escalate or extract db other than just a manual SQL error.
@nikixz3935 2 months ago
bug bounty hunting on windows is a crime go for kali linux or arch or mac os
@HackShiv 2 months ago
@nikixz3935 No, not a crime. You can do any OS.
@Sidselsidikselaksana 6 days ago
shut up lammer ~
@RGAOFFICIALYT 2 months ago
Bro, I'm a beginner but I want to become a bug hunter too, please give me a course
@HackShiv 2 months ago
@RGAOFFICIALYT All resources in discord for free 👍
@breakoutgaffe4027 3 months ago
I like piping the subfinder output to httpx to check the response codes, neat
@HackShiv 3 months ago
Haha. Thank you very much ❤️ (still learning 🫡)
@not_itay 2 months ago
Where did you learn how to hack?
@HackShiv 2 months ago
@not_itay First, I used tryhackme, it helped me understand which area of cyber sec is interesting, then moved on to portswigger academy. Now I'm focusing my time on HTB, while putting it on YT as well 👍
@not_itay 2 months ago
@HackShiv thank you so much keep it up 👍
@yashanksahu2813 25 days ago
Why did u only use site parameter and if u chose it then how did u decide that there only lies sqli not ssrf xss rce lfi else
@HackShiv 25 days ago
@yashanksahu2813 I was js playing around with it tbh, so ig luck-based.
@zulfikar4799 2 months ago
cool man
@exploreThe_ 2 months ago
@muhammadharis2212 2 months ago
Great one
@breakoutgaffe4027 3 months ago
Cool video bro! Subbed. What was the SQLi classified as, P3?
@HackShiv 3 months ago
It was a SQL error so it's classified p3-p4 but dif programs can classify as p1 since it's technically sqli.
@aatankbadboy3941 4 months ago
Bro why don't you explain your steps 😢
@HackShiv 4 months ago
Next time, I can explain through text on screen so that it helps, but slow down the video to understand what I'm doing. ❤🙂
@jobaizen4892 4 months ago
@HackShiv ok bro waiting, +sub. But can u explain in detail?
@shiiswii4136 3 months ago
@jobaizen4892 just watch closely
@destroyerr1558 4 months ago
Good video
@HackShiv 4 months ago
Thank you 🫂❤️
@IbrahimAli-wd 3 months ago
Please explain every step. Thanks in advance
@HackShiv 3 months ago
Sure, will do next time 🙂
@Tatsuia0 3 months ago
Which is the platform where u take this bug bounty program?
@HackShiv 3 months ago
@Tatsuia0 Open program.
@Tatsuia0 3 months ago
@HackShiv bugcrowd, hackerone or other?
@zeeqcybersec3311 3 months ago
You made too many mistakes. First you need to learn sqlmap, how sqlmap works. Second, using burp, doesn't work if you change the method POST to GET but you made a mistake in url. You must convert the text to url first in burp, after that send the request. It's not wrong using other people's tools but make sure you know how to use it.
@HackShiv 3 months ago
Yeah, I'll try to do better next time. I noticed I missed a few important data POST params using ghauri. But the SQL error, it was a manual finding through url pollution bro. I didn't use any tools for that.
@zeeqcybersec3311 3 months ago
@HackShiv Good luck on learning more about pentesting. Btw your vid is great but unfortunately has mistakes. If you dig deeper maybe you can earn more than $500 because the sqli vuln is so high on that website. Good luck on your journey
@HackShiv 3 months ago
@zeeqcybersec3311 Thank you!
@FROST-X8 2 months ago
@zeeqcybersec3311 bruh can we please chat I really need a mentor