Welcome to nav1n.com
Nothing much to see here yet! Please come back again.
Connect with me on Twitter: @admin
If you have a JSON login page, test blind-SQL injection directly in the username and/or password fields like below. #BugBounty #SQLInjection #bugbountytips
Payload injected in username input field:
A few days ago there was a healthy discussion on sticking to a single program or multiple targets -> , where @HusseiN98D mentioned about FIS program on BC, I never heard about it. So, decided to spend some time on that & yesterday this happened. #BugBounty
@nav1n0x @retkoussa 2 months of sticking to one of the most hardened public programs, hijacked top 1 and more than $500k in bounties counting collabs with @infosec_au & @rhyselsmore. Stick to 1 program and dig deeper. You will end up finding your rabbit hole.
In March, I submitted 25 vulnerabilities to 1 program on @Hacker0x01. I can't believe I worked on a single target the whole of March🧐🧐🧐. And 14 out of 25 were Critical and High severity bugs.
Scored 10/10 in CVSS today. Both SQL injections were full db + Server takeover using OS shell. #BugBounty
There's an opening for 2x Cyber Security Architects with 7 years experience in Saudi Arabia. If anyone is interested, DM me, will share the connection.
SQL Injection on JSON body POST request. It took me some time, but finally found the right technique and injection point. ``sqlmap -r request.txt --level=5 --risk=3 --force-ssl --ignore-code=500 --dbs`` #SQLInjection #BugBounty