Unfortunately, I also couldn't escalate or extract the DB other than just a manual SQL error. But it's still considered a P1-P2 vuln.
Join Discord, I'm releasing a roadmap for beginners soon and we can learn together. I'm gonna upload as many resources as I can.
Love!!
Awesome! Thank you, brother
Thanks!
Subscribed, good content
Ayy thank you! ❤️
Cool video bro! Subbed. What was the SQLi classified as, P3?
It was a SQL error so it's classified P3-P4, but different programs can classify it as P1 since it's technically SQLi.
Good video
Thank you 🫂❤️
I like piping the subfinder output to httpx to check the response codes, neat
Haha. Thank you very much ❤️ (still learning 🫡)
Which is the platform where u take this bug bounty program?
@Tatsuia0 Open program.
@HackerShiv Bugcrowd, HackerOne or other?
Please explain every step. Thanks in advance.
Sure, will do next time 🙂
17:10 here the problem was you didn't encode the payload!
Oh yeah shit. I just realised. It's actually Ctrl + U as the shortcut on Burp to encode the highlighted payload. I thought it was for XSS only but I'm stupid lol 😂. Thanks for catching that. 🙏
Unfortunately, I also couldn't escalate or extract the DB other than just a manual SQL error.
Bro, why don't you explain your steps 😢
Next time, I can explain through text on screen so that it helps, but slow down the video to understand what I'm doing. ❤🙂
@HackerShiv ok bro, waiting, +sub. But can u explain in detail?
@jobaizen4892 just watch closely
You made too many mistakes. First, you need to learn sqlmap, how sqlmap works. Second, using Burp, it doesn't work if you change the method POST to GET, but you made a mistake in the URL. You must convert the text to URL first in Burp, after that send the request. It's not wrong using other people's tools, but make sure you know how to use them.
Yeah, I'll try to do better next time. I noticed I missed a few important data POST params using ghauri. But the SQL error, it was a manual finding through URL pollution bro. I didn't use any tools for that.
@HackerShiv good luck on learning more about pentesting. Btw your vid is great but unfortunately has mistakes. If you dig deeper maybe you can earn more than $500 because the SQLi vuln is so high on that website. Good luck on your journey.
@zeeqcybersec3311 Thank you!