Stumbling upon SQL Injection

A SQL-related vulnerability is typically considered severe and usually comes with a higher-than-average bounty. Somehow, at 3:00 in the morning, I inadvertently found myself looking at one. I’ve never dived into the topic or learned much more than the basics, so I had to turn to the best hacking tool, Google.

I was on a subdomain of my target testing for XSS, and Burp gave me an alert that it had detected a…