Frequently Asked Questions
The following are frequently asked questions about common vulnerabilities and security misconfigurations found during bug bounty hunting. Understanding these concepts is crucial for anyone starting their bug hunting journey.
What is a SQLi vulnerability?
A SQL injection attack involves inserting or "injecting" a SQL query into the application through the client's input data. An effective SQL injection exploit can read sensitive data from the database, alter database data (Insert/Update/Delete), and even perform database administration operations.
What is an RCE vulnerability?
If user input is inserted into a file or a string and then executed (evaluated) by the backend programming language's parser, a remote code execution (RCE) vulnerability can be exploited. A Remote Code Evaluation will result in the entire web application and web server being compromised as it allows an attacker to execute arbitrary commands on the server.
How can I reach you?
If you have any feedback or concerns about this site, I can be reached on Twitter.