"I found multiple demo versions available without any authentication. I went there, extracted all the requests, and fuzzed all the parameters for SQL injection. Then I changed the domain to the in-scope domain of the company I was hacking and ran SQL commands to dump their database."
Hear from Nikhil “Niks” Srivastava bug bounty hunter and founder of B-Sides Ahmedabad in our DEF CON 32 special episode of the Be Fearless Podcast. Hosted by SquareX Product Evangelist Dakshitaa, Niks discusses his research, bug bounty hunting experience and giving back to the cybersecurity community via conferences.
0:00 Niks’ DEF CON talk on hacking corporate banking
3:27 How AI has made bug bounty hunting easier
4:59 Bug bounty story: breaking into an e-commerce company via SQL injection
7:34 Giving back to the cybersecurity community with BSides Ahmedabad
10:13 Advice for bug bounty beginners
🔔 Follow Niks and Dakshitaa on:
https://www.linkedin.com/in/nikhilksrivastava/
https://www.linkedin.com/in/dakshitaababu/
🔥 Powered by SquareX
Deployed as a lightweight extension, SquareX turns any browser, on any device, into a secure enterprise browser. Find out more about SquareX at https://hubs.la/Q03rPcbf0
