))
Ep. 5 – Stored XSS & SQL Injection: Small Flaws, Big Breaches
Manage episode 471294002 series 3643227
Content provided by Amin Malekpour. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Amin Malekpour or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
A simple filename triggered stored XSS, hijacking accounts and stealing API keys. A SQL injection bypassed a web firewall, dumping an entire database in one request.
Both attacks exploited basic security flaws—flaws that should have been caught.
Learn how these exploits worked, why they were missed, and what should have been done differently.
Want your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!
🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram
📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A
📧 Feedback? Email Us → [email protected]
🔗 Podcast Website → Website Link
Chapters
1. Ep. 5 – Stored XSS & SQL Injection: Small Flaws, Big Breaches (00:00:00)
2. INTRO (00:00:10)
3. FINDING #1 – Stored XSS That Took Over User Accounts (00:01:39)
4. FINDING #2 – The SQL Injection That Bypassed a Firewall and Dumped the Entire Database (00:07:14)
5. OUTRO (00:15:22)
9 episodes
Share
