Tag: sql-injection

All the articles with the tag "sql-injection".

• Exploiting a Product Search SQL Injection

  kOaDT

  15 Feb, 2026

  How to exploit a vulnerability in a tiny search box to quietly expose an entire database.

• Second-Order SQL Injection: When Trusted Data Turns Hostile

  kOaDT

  12 Feb, 2026

  How a crafted display name stored through a product review becomes a SQL injection payload when an admin filters reviews on the moderation panel.

• SQL Injection via X-Forwarded-For Header: Exploiting IP Tracking

  kOaDT

  24 Jan, 2026

  The app tracks visitor IPs via the X-Forwarded-For header and drops the raw value into a SQL query. Here's how to exploit it.

• SQL Injection: From Dropdown to Database Dump

  kOaDT

  10 Jan, 2026

  How a simple order status filter can be exploited to extract every user's credentials from the database.