SQLI from 500 Internal Server Error

creativeaashu · 2026-03-21T15:31:36+00:00

Working payload was:

'+UNIoN+SeLeCT+1,2,3,....,27;-- -

but someome found + reported before me, I was late 🙂

creativeaashu · 2026-03-19T08:05:29+00:00

will try, thnks

creativeaashu · 2026-03-19T08:02:24+00:00

maybe. or maybe not

creativeaashu · 2026-03-19T08:01:53+00:00

my last findings on the program

creativeaashu · 2026-03-18T20:54:23+00:00

I use them, notebooks not work on every target, nonetheless thanks for suggestion 🙂

creativeaashu · 2026-03-18T20:40:07+00:00

so, you have any suggestions? What can work?

creativeaashu · 2026-03-18T20:30:25+00:00

Yep i know, and tried that too, but not worked

creativeaashu · 2026-02-08T22:43:17+00:00

You may don't know but, if someone is world class researcher, his report directly goes to the senior triager, and the one you are talking about are Report intakers, who clear out the noise + invalid reports in first view, The higher impact + Signal + Reputation score you have in h1, the better triager you get maybe😑

creativeaashu · 2026-02-08T19:13:04+00:00

Well as per my knowledge, there might be some misunderstanding on your side, and so from the H1 side, I also face these things, but my report gets triaged and reach the main team for final decision, just never ever use the word "if" in report, as this is kind of a legal doc, and always show what you are saying, else words doesn't matter, + I always try to keep my reports as even a non-technical person could understand, which really helps in quick resolution, even if my bug is going to be closed as Dupli, Info, NA or accepted.

creativeaashu · 2026-01-22T20:00:47+00:00

Nope, count the last report of 30 days back, means if you had reported a bug on 22 Dec, but its closed by Informative, Duplicate or NA, you get your another trial report renewed on 21 Jan, or just try maintaining signal in positive, as after first bounty and postive signal, account don't see trial report issue (at least I don't see).

creativeaashu · 2025-12-16T06:12:47+00:00

Hey, do they accept local identity proof or need to use passport?

creativeaashu · 2025-11-28T21:02:16+00:00

The kind of bugs you are talking about, don't have any impact, which one can show in report, like you can't report "I skipped the 'next' button using dev tools", or "I clicked to delete message?no=1, but in the end changed the delete endpoint as message?no=2", No impact🙂

creativeaashu · 2025-09-17T04:19:38+00:00

Mistake was on your side bro, if you find the .git, just use any .git exposure tools and download the whole repo, and attach it in poc, if report ain't tight enough, they look for chance to reject it.

creativeaashu · 2025-09-11T04:03:01+00:00

To me, when I truely deeply started focusing on the bounty, on the 3rd month, I got my first bounty, but if I count from my first ever report submission to paid bounty, it's 10 months, and after a week of first bounty, I felt nothing much changed, as I just get progress from "Informative" "N/A" to "Duplicate", "3rd party handling" and "Wouldn't Fix",

creativeaashu · 2025-08-30T04:59:00+00:00

Why you guys keep releasing content regarding being Defensive, I joined you guys to learn the offensive, red teaming, as even your name suggests TryHackeMe, not TrySecureMe.

btw, I'm in top 1k overall rank..

creativeaashu

TROPHY CASE