I am currently working on finding my first bug, and have got 2 private invitations from HackerOne.
I am currently testing my target for SQLi using SQLMap from my Kali Linux …
Though I have been trying a lot of the SQLi techniques, the output I am getting from my SQLMap keeps telling me nothing is injectable. I actually need hints and guidance on how to dig further.
If SQLMap can’t find an injection point, the target is likely not vulnerable, and even if it is, any SQLi vulnerability there may be is probably too obscure for an automated scanner to find.
Automated scans on bug bounty programs usually won’t get you anywhere. Tons of scanners have almost certainly already been run. You should perform almost only manual testing (except for recon, which can be largely automated).
As a side note, automated tools generate a lot of traffic on the target server, which might get you blacklisted from the program. Make sure automated scans are allowed before using tools like SQLMap.
I very much appreciate your prompt insight. I just tried the recon approach and have been able to find my target IP address and subdomain. I have also tried the manual SQLi testing approach, but on the manual testing I think I still need more insight as to what will prove to me if this will eventually give the desired result.