recon harder or how I found a hidden blind sqli

Found an interesting open port with naabu, inspected JS files, and discovered an interesting API endpoint.

After some fuzzing and rebuilding the requests I found in the JS files, I reported an IDOR and this time-based SQLi [1]:

simple sqli poc

  1. yep, plain curl, because you don’t always need burp :) 


