This week's Oxy release introduces a full-featured SQL IDE, enhanced query execution, and strict YAML validation. Key updates: 💻 SQL IDE - multi-tab editor with database schema browser, connection ...
description: "Synacktiv discovered that GLPI exposes a script (/scripts/unlock_tasks.php) that does not correctly sanitize user-controlled data before using it in SQL queries. Thus, an attacker could abuse ...
"garak pwnd" literal appears in SQL INSERT payloads. From NVIDIA garak context: "This rule detects template injection (Jinja SSTI), SQL injection, and ECHO admin command exploitation attempts ...
Cracked another Bug Forge web CTF with Claude Code. Target was a code-snippet sharing app. Login looked tempting — classic SQLi territory — but it was properly parameterised. Dead end on the obvious ...