Ep. 5 – Stored XSS & SQL Injection: Small Flaws, Big Breaches

A simple filename triggered stored XSS, hijacking accounts and stealing API keys. A SQL injection bypassed a web firewall, dumping an entire database in one request.

Both attacks exploited basic security flaws—flaws that should have been caught.

Learn how these exploits worked, why they were missed, and what should have been done differently.

Chapters:

0:00 - INTRO

01:39 - FINDING #1 – Stored XSS That Took Over User Accounts

07:14 - FINDING #2 – The SQL Injection That Bypassed a Firewall and Dumped the Entire Database

15:22 - OUTRO

Want your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!

🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram
📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A
📧 Feedback? Email Us → podcast@quailu.com.au
🔗 Podcast Website → Website Link