SQL injection has been at the top of the OWASP vulnerability listings for many years, the reason being that, if identified and exploited to the full extent, they produce catastrophic outcomes. We reviewed SQL injection as a vulnerability in detail; we looked at its types and sample attack scenarios. Then, we looked at some critical reports about SQL injection that were done by many bug bounty hunters. The goal of this chapter was to provide the reader with an overview about what SQL injection really is and how it can be used in the bug bounty hunting methodology. Initially, we analyzed an SQL injection in Uber, then we looked at an SQL injection in Grab Taxi, and others.